A Microsoft Access workgroup information file contains a list of users who share data, also know as a workgroup. Users' passwords are also stored in the workgroup information file. To control who has access to your database, you must create a new workgroup information file.
- Start Microsoft Access.
- On the Tools menu, point to Security, and then click Workgroup Administrator.
- In the Workgroup Administrator dialog box, click Create.
- In the Workgroup Owner Information dialog box, type your name and organization, and then type any combination of up to 20 numbers and letters for the workgroup ID (WID).
Caution Be sure to write down your exact name, organization, and workgroup ID
— including whether letters are uppercase or lowercase (for all three entries) — and keep them in a secure place. If you have to re-create the workgroup information file, you must supply exactly the same name, organization, and workgroup ID. If you forget or lose these entries, you can't recover them and might lose access to your databases. - Type a new name for the new workgroup information file. By default, the workgroup information file is saved in the language folder. To save in a different location, type a new path or click Browse to specify the new path.
The new workgroup information file is used the next time you start Microsoft Access. Any user and group accounts or passwords that you create are saved in the new workgroup information file. To have others join the workgroup defined by your new workgroup information file, copy the file to a shared folder (if you didn't already save it in a shared folder in step 5), and then have each user run the Workgroup Administrator to join the new workgroup information file.
Join a Microsoft Access workgroup by using the Workgroup Administrator
Important If you are setting up user-level security and need to make sure that your workgroup and its permissions can't be duplicated, you should make sure the workgroup information file that defines the workgroup you're joining has been created with a unique workgroup ID (WID). If such a workgroup information file doesn't exist, you should create one.
- Start Microsoft Access.
- On the Tools menu, point to Security, and then click Workgroup Administrator.
- In the Workgroup Administrator dialog box, click Join.
- Type the path and name of the workgroup information file that defines the Microsoft Access workgroup you want to join, and then click OK, or click Browse and then use the Select Workgroup Information File dialog box to locate the workgroup information file.
The next time you start Microsoft Access, it uses the user and group accounts and passwords stored in the workgroup information file for the workgroup you joined.
Set up more than one workgroup to use the same security-enabled database
You can give users in different Microsoft Access workgroups access to a security-enabled database and its objects. This is useful if you want users at remote locations to manage their own workgroup membership.
- If necessary, use the Workgroup Administrator to join one of the workgroups.
Important If you are setting up user-level security and need to make sure that your workgroup and its permissions can't be duplicated, you should make sure the workgroup information file that defines the workgroup you're joining has been created with a unique workgroup ID (WID). If such a workgroup information file doesn't exist, you should create one.
- Start Microsoft Access.
- On the Tools menu, point to Security, and then click Workgroup Administrator.
- In the Workgroup Administrator dialog box, click Join.
- Type the path and name of the workgroup information file that defines the Microsoft Access workgroup you want to join, and then click OK, or click Browse and then use the Select Workgroup Information File dialog box to locate the workgroup information file.
The next time you start Microsoft Access, it uses the user and group accounts and passwords stored in the workgroup information file for the workgroup you joined.
- Exit Microsoft Access.
- Restart Access, open a database, and then log on as a workgroup administrator (a member of the Admins group).
- Create a group account.
As part of securing a database, you can create group accounts in your Microsoft Access workgroup that you use to assign a common set of permissions to multiple users.
To complete this procedure, you must be logged on as a member of the Admins group.
- Start Microsoft Access by using the workgroup in which you want to use the account.
Important The accounts you create for users must be stored in the workgroup information file that those users will use. If you're using a different workgroup to create the database, change your workgroup before creating the accounts. You can change workgroups by using the Workgroup Administrator.
- Open a database.
- On the Tools menu, point to Security, and then click User And Group Accounts.
- On the Groups tab, click New.
- In the New User/Group dialog box, type the name of the new account and a personal ID (PID).
Caution Be sure to write down the exact account name and PID, including whether letters are uppercase or lowercase, and keep them in a secure place. If you have to re-create an account that has been deleted or created in a different workgroup, you must supply the same name and PID entries. If you forget or lose these entries, you can't recover them.
Note A user account name cannot be same as an existing group account name, and visa versa.
- Click OK to create the new group account.
Note The PID entered in step 5 is not a password. Microsoft Access uses the PID and the user name as seeds for an encryption algorithm to generate an encrypted identifier for the user account.
- Start Microsoft Access by using the workgroup in which you want to use the account.
- Add users to the new group.
To complete this procedure, you must be logged on as a member of the Admins group.
- Start Microsoft Access by using the workgroup that contains the user and group accounts.
You can find out which workgroup is current or change workgroups by using the Workgroup Administrator.
- Open the database.
- On the Tools menu, point to Security, and then click User And Group Accounts.
- On the Users tab, enter in the Name box the user you want to add to a group.
- In the Available Groups box, click the group you want to add the user to, and then click Add.
The selected group is displayed in the Member Of list.
- Repeat step 5 if you want to add this user to any other groups. Repeat steps 4 and 5 to add other users to groups.
Note You can add users to this group or delete them at any time.
- Start Microsoft Access by using the workgroup that contains the user and group accounts.
- Repeat steps 1 through 5 for each workgroup that will share the same security-enabled database. In step 4, make sure to type exactly the same case-sensitive group name and personal ID (PID) as you did for the group account you created in the first workgroup.
- Open the security-enabled database you want to share between the workgroups and assign permissions to the new groups.
You can add or remove permissions for an existing database and its objects, or you can set what permissions are used when you create new objects.
Assign or remove permissions for a database and its objects
- Open the database.
The workgroup information file in use when you log on must contain the user or group accounts that you want to assign permissions for at this time; however, you can assign permissions to groups and add users to those groups later.
- On the Tools menu, point to Security, and then click User And Group Permissions.
- On the Permissions tab, click Users or Groups, and then in the User/Group Name box, click the user or group that you want to assign permissions to.
- Click the type of object in the Object Type box, and then click the name of the object to assign permissions for in the Object Name box. Select multiple objects in the Object Name box by dragging through the objects you want to select, or by holding down CTRL and clicking the objects you want.
Note Hidden objects aren't displayed in the Object Name box unless you select Hidden objects on the View tab of the Options dialog box (Tools menu).
-
Under Permissions, select the permissions you want to assign, or clear the permissions you want to remove for the group or user, and then click Apply. Repeat steps 4 and 5 to assign or remove permissions for additional objects for the current user or group.
- Repeat steps 3 through 5 for any additional users or groups.
Notes
- Some permissions automatically imply the selection of others. For example, the Modify Data permission for a table automatically implies the Read Data and Read Design permissions because you need these to modify the data in a table. Modify Design and Read Data imply Read Design. For macros, Read Design implies Open/Run.
- When you edit an object and save it, it retains its assigned permissions. However, if an object is saved with a new name, it is now a new object, and so has the default permissions defined for that object type rather than the permissions of the original object.
Assign default permissions for new tables, queries, forms, reports, and macros
Default permissions can be assigned only by an administrator account (a member of the Admins group in the workgroup in which the database that contains the object was created) or by the owner of the database.
- Open the database.
- On the Tools menu, point to Security, and then click User And Group Permissions.
- On the Permissions tab, click Users or Groups, and then in the User/Group Name box, click the user or group that you want to assign permissions to.
- Click the type of object in the Object Type box, and click <New object> in the Object Name list.
- Select the default permissions that you want to assign for that object type, and then click Apply. Repeat steps 4 and 5 to assign default permissions for additional object types for the current user or group.
- Repeat steps 3 through 5 for any additional users or groups, and then click OK when you have finished.
Note Some permissions automatically imply the selection of others. For example, the Modify Data permission for a table automatically implies the Read Data and Read Design permissions because you need these to modify the data in a table. Modify Design and Read Data imply Read Design. For macros, Read Design implies Open/Run.
- Open the database.
Note You can also have a workgroup administrator at a remote location add the same group to his or her workgroup information file by providing the administrator with the exact case-sensitive group name and PID you used to create that group in your workgroup information file.
Log on to a workgroup information file
Log on to a Microsoft Access workgroup
The Logon box is displayed only if the logon procedure has been activated for your Microsoft Access workgroup. Once the logon procedure has been activated, you must identify yourself at startup by entering a valid user account name. If a password has been added to a user account, you must also enter the password.
- Start Microsoft Access.
- If necessary, change to the workgroup that contains the user account you want to use to log on by using the Microsoft Access Workgroup Administrator.
Important If you are setting up user-level security and need to make sure that your workgroup and its permissions can't be duplicated, you should make sure the workgroup information file that defines the workgroup you're joining has been created with a unique workgroup ID (WID). If such a workgroup information file doesn't exist, you should create one.
- Start Microsoft Access.
- On the Tools menu, point to Security, and then click Workgroup Administrator.
- In the Workgroup Administrator dialog box, click Join.
- Type the path and name of the workgroup information file that defines the Microsoft Access workgroup you want to join, and then click OK, or click Browse and then use the Select Workgroup Information File dialog box to locate the workgroup information file.
The next time you start Microsoft Access, it uses the user and group accounts and passwords stored in the workgroup information file for the workgroup you joined.
- Open a database. If the logon procedure has been activated, the Logon box is displayed.
- Type your user account name in the Name box. Your user account name isn't case-sensitive.
- If your password has been defined, type your password in the Password box; otherwise, leave it blank. Passwords are case-sensitive.
Modify a workgroup information file to require users to log on to Microsoft Access
When you help protect a database, you create user accounts in a Microsoft Access workgroup, and then assign permissions for the database and its objects to those user accounts and to any group accounts to which they belong. Until you activate the logon procedure for a workgroup, Access automatically logs on all users at startup using the predefined Admin user account. If you want users to have only the permissions associated with their own accounts, you can have them log on by using their accounts. Users log on to Microsoft Access by typing a user name and password in the Logon dialog box.
- Join the workgroup whose logon procedure you want to activate.
Important If you are setting up user-level security and need to make sure that your workgroup and its permissions can't be duplicated, you should make sure the workgroup information file that defines the workgroup you're joining has been created with a unique workgroup ID (WID). If such a workgroup information file doesn't exist, you should create one.
- Start Microsoft Access.
- On the Tools menu, point to Security, and then click Workgroup Administrator.
- In the Workgroup Administrator dialog box, click Join.
- Type the path and name of the workgroup information file that defines the Microsoft Access workgroup you want to join, and then click OK, or click Browse and then use the Select Workgroup Information File dialog box to locate the workgroup information file.
The next time you start Microsoft Access, it uses the user and group accounts and passwords stored in the workgroup information file for the workgroup you joined.
- On the Tools menu, point to Security, and then click User And Group Accounts.
- Click the Users tab, and make sure that the predefined Admin user account is highlighted in the Name box.
- Click the Change Logon Password tab, and then type a new password in the New Password box. Don't type anything in the Old Password box.
Use strong passwords that combine upper- and lowercase letters, numbers, and symbols. Weak passwords don't mix these elements. Strong password: Y6dh!et5. Weak password: House27. Use a strong password that you can remember so that you don't have to write it down.
User names can range from 1 to 20 characters, and can include alphabetic characters, accented characters, numbers, spaces, and symbols, with the following exceptions:
- The characters " \ [ ] : | < > + = ; , . ? *
- Leading spaces
- Control characters (ASCII 10 through ASCII 31)
Note Passwords are case-sensitive.
- Verify the password by typing it again in the Verify box, and then click OK.
The Logon dialog box is displayed the next time any member of the workgroup that you joined in step 2 starts Microsoft Access and opens a database. Each user will use the password created in step 5 to open the database. Once in the database, they will have the permissions assigned to their group or user accounts. If no user accounts are currently defined for that workgroup, the Admin user is the only valid account at this point.
If you don't need to establish different levels of permissions for different groups of users, you can have Microsoft Access automatically log users on as the Admin user in the Users group with the permissions specified for that group. Users will not be required to enter their user name and password in the Logon dialog box when they open the database. Using this method, you can help protect any or all of the objects in a database. However, each user will have the same set of permissions. This does not remove user-level security from the database.
- Join the workgroup that has the logon procedure that you want to deactivate.
Important If you are setting up user-level security and need to make sure that your workgroup and its permissions can't be duplicated, you should make sure the workgroup information file that defines the workgroup you're joining has been created with a unique workgroup ID (WID). If such a workgroup information file doesn't exist, you should create one.
- Start Microsoft Access.
- On the Tools menu, point to Security, and then click Workgroup Administrator.
- In the Workgroup Administrator dialog box, click Join.
- Type the path and name of the workgroup information file that defines the Microsoft Access workgroup you want to join, and then click OK, or click Browse and then use the Select Workgroup Information File dialog box to locate the workgroup information file.
The next time you start Microsoft Access, it uses the user and group accounts and passwords stored in the workgroup information file for the workgroup you joined.
- On the Tools menu, point to Security, and then click User And Group Accounts.
- Click the Users tab.
- In the Name box, select Admin from the list, and then click Clear Password.
The next time any member of the workgroup that you joined in step 1 starts Microsoft Access and opens a database, it will no longer display the Logon dialog box.
Restore or rebuild a workgroup information file
Restore a damaged or deleted Microsoft Access workgroup information file
In rare circumstances, the Microsoft Access workgroup information file can become damaged. If you start Microsoft Access and that file can't be opened, a message will be displayed. How you solve this problem depends on whether you have a backup copy and how your workgroup information file was originally created or specified. The following table summarizes how you should address each situation.
Important Microsoft Access stores security account information in the workgroup information file. So in all cases where you don't have a backup copy and have to re-create a workgroup information file, if you've restricted permissions to your databases, you must re-create security accounts with the same case-sensitive names and personal ID (PID) entries as before.
Note You don't have to redefine permissions or object ownership because this information is stored in the security-enabled databases.
Used Workgroup Administrator | Made backup copy | Solution |
---|---|---|
No. Used default file created when installing Microsoft Access. | No | Re-start Microsoft Access and Microsoft Windows installer will re-create a default workgroup information file. |
No. Used default file created when installing Microsoft Access. | Yes | Use Windows Explorer, My Computer, MS-DOS copy command, or backup software to copy the most recent copy of the file to the folder where you installed Microsoft Access. |
Yes. Created a new file. | No | Run the Workgroup Administrator again, typing the same case-sensitive name, organization, and workgroup ID (WID) entries you used when you originally created it. |
Yes. Created a new file. | Yes | Copy or restore the backup copy to the path where you originally saved your workgroup information file. |
Yes. Joined (specified) a file on a path other than the folder where Microsoft Access is installed. | Yes | Copy or restore the backup copy to the original path. |
Yes. Joined (specified) a file on a path other than the folder where Microsoft Access is installed. | No | Create a new copy by using the method that was used to create the original file: re-start Microsoft Access so that installer will re-create a default workgroup information file, or run the Workgroup Administrator and type the same case-sensitive name, organization, and workgroup ID entries used when it was originally created. |
Rebuild a workgroup information file from user and group names and IDs
If a workgroup information file becomes damaged or has been deleted, and a backup copy isn't available, you can re-create the workgroup information file if you have the exact case-sensitive information that you used to create the file and define the accounts and groups in the file originally.
- Create a new workgroup information file, making sure to enter the exact case-sensitive name, company name, and workgroup ID (WID) that you used to create the original file. Failure to re-enter the exact entries used to create the original file will create an invalid Admins group.
A Microsoft Access workgroup information file contains a list of users who share data, also know as a workgroup. Users' passwords are also stored in the workgroup information file. To control who has access to your database, you must create a new workgroup information file.
- Start Microsoft Access.
- On the Tools menu, point to Security, and then click Workgroup Administrator.
- In the Workgroup Administrator dialog box, click Create.
- In the Workgroup Owner Information dialog box, type your name and organization, and then type any combination of up to 20 numbers and letters for the workgroup ID (WID).
Caution Be sure to write down your exact name, organization, and workgroup ID
— including whether letters are uppercase or lowercase (for all three entries) — and keep them in a secure place. If you have to re-create the workgroup information file, you must supply exactly the same name, organization, and workgroup ID. If you forget or lose these entries, you can't recover them and might lose access to your databases. - Type a new name for the new workgroup information file. By default, the workgroup information file is saved in the language folder. To save in a different location, type a new path or click Browse to specify the new path.
The new workgroup information file is used the next time you start Microsoft Access. Any user and group accounts or passwords that you create are saved in the new workgroup information file. To have others join the workgroup defined by your new workgroup information file, copy the file to a shared folder (if you didn't already save it in a shared folder in step 5), and then have each user run the Workgroup Administrator to join the new workgroup information file.
- Re-create any group accounts, making sure to enter the exact case-sensitive group name and personal ID (PID) for each group.
As part of securing a database, you can create group accounts in your Microsoft Access workgroup that you use to assign a common set of permissions to multiple users.
To complete this procedure, you must be logged on as a member of the Admins group.
- Start Microsoft Access by using the workgroup in which you want to use the account.
Important The accounts you create for users must be stored in the workgroup information file that those users will use. If you're using a different workgroup to create the database, change your workgroup before creating the accounts. You can change workgroups by using the Workgroup Administrator.
- Open a database.
- On the Tools menu, point to Security, and then click User And Group Accounts.
- On the Groups tab, click New.
- In the New User/Group dialog box, type the name of the new account and a personal ID (PID).
Caution Be sure to write down the exact account name and PID, including whether letters are uppercase or lowercase, and keep them in a secure place. If you have to re-create an account that has been deleted or created in a different workgroup, you must supply the same name and PID entries. If you forget or lose these entries, you can't recover them.
Note A user account name cannot be same as an existing group account name, and visa versa.
- Click OK to create the new group account.
Note The PID entered in step 5 is not a password. Microsoft Access uses the PID and the user name as seeds for an encryption algorithm to generate an encrypted identifier for the user account.
- Start Microsoft Access by using the workgroup in which you want to use the account.
- Re-create each user account, making sure to enter the exact case-sensitive user name and PID for each user.
To complete this procedure, you must be logged on as a member of the Admins group.
Note It is usually easier to manage security if you organize users into groups, and then assign permissions to groups rather than to individual users.
- Start Microsoft Access by using the workgroup in which you want to use the account.
Important The accounts you create for users must be stored in the workgroup information file that those users will use. If you're using a different workgroup to create the database, change your workgroup before creating the accounts.
- Open a database.
- On the Tools menu, point to Security, and then click User And Group Accounts.
- On the Users tab, click New.
- In the New User/Group dialog box, type the name of the new account and a personal ID (PID), and then click OK to create the new account, which is automatically added to the Users group.
Caution Be sure to write down the exact account name and PID, including whether letters are uppercase or lowercase, and keep them in a secure place. If you ever have to re-create an account that has been deleted or created in a different workgroup, you must supply the same name and PID entries. If you forget or lose these entries, you can't recover them.
Notes
- A user account name cannot be same as an existing group account name, and visa versa.
- The PID entered in step 5 is not a password. Microsoft Access uses the PID and the user name as seeds for an encryption algorithm to generate an encrypted identifier for the user account.
- Start Microsoft Access by using the workgroup in which you want to use the account.
- If you saved the new workgroup information file to a new name or location in step 1, tell other users in the workgroup to use the Workgroup Administrator to join the new workgroup information file.