Access 12 Security Model

"ACE will no longer support the JET concept of user level security for new file formats " I'm guessing that ACE is the name of the new JET database format??? Since you are no longer supporting user-level security in "ACE," I presume that means that you are continuing to enhance the ADP concept to access SQL Server data? Could you please comment on that for us ADP/ SQL Server users? Will ADPs get the same enhancements as the MDBs?

Gosh. It's hard to know what to say. (1) The macro thing. IMHO, no experienced developer is going to start coding to macros, just so their database has minimal functionality in a locked-down mode. How many professionally designed, turnkey Access applications can work to any acceptable degree, without VBA? My bet is, a very small number. This is not a feature that I would have envisaged in a hundred years. I do not use macros now, and I do not plan to use them in the future, whatever changes have been made with them. This is not because "they are a subset of VAB", as you disengeniously state; it is because they do not have any proper control structures, error handling, or other things that properly-written code should have. (2) The new trust model - will you still support the AutomationSecurty property? I use that to luanch my product from a script, bypassing all the security warnings, regardless of the PC's macro security level. It has worked fine for me, so far. (3) User level security. Jet had one of the most sophisticated security models in any desktop database. It was only let down by some simple mistakes that could have been fixed quite easily. (I'm not guessing, I know exactly how it all works under the hood, and how it could be changed, but this is not the place for that discussion.) Instead, you seem to be saying that you have thrown the whole model out, completely! (when people use the new file format) Is that so? If so, what have you repaced it with? I must say, this is not what I expected. I expected that you would address the actual problems that actual people actually have when they actually try to create a secured database! Most of those probems revolve around workgroup files, and their place in the process. Your post did not mention workgroup files. Are they still used? Do they work the same way? I'm disappointed. Please lose sleep about that! :-)

I use one Macro... it actually just runs a VBA subroutine though. It's only there so I can easily run a subroutine that I don't keep a button for on the main form. But could such a macro be marked safe?

You’re doing away with ULS *entirely*? What a shame. I’ve never used it for security, but find it a useful tool for the custom navigation you speak of. Now what will I do? Although Access 12 will allow customization in the NavPane, how will this be accomplished with multiple groups of users and the need to have a different NavPane for each?

Erik,

I'm both concerned and puzzled. First you say, "ACE will no longer support the JET concept of user level security for new file formats..." Then you say, "Access 12 will both make the product more secure through things like the improved encryption and clearer user-level security..." My puzzle is whether you are eliminating User Level Security all together or not. My concern is that you are eliminating it. One of the strengths of Access is that developers can create applications in a wide variety of ways. User Level Security has provided one of the tools that developers have at their disposal to allow users access to certain types of data while, at the same time, denying them access to other data. The Jet ULS model gives them that ability. If you eliminate it all together and a company chooses to NOT put their data in SQL Server and/or Share Point, then you have effectively removed this ability. That is NOT a good idea. Microsoft had high hopes that the Access user community would move over to MSDE. That didn't happen. The hope that they will all mover over to SQL Server or Share Point may well suffer the same fate. If you remove Jet ULS altogether, then you leave developers with no way to provide the kind of rich user interfaces and access levels that they want and need. I sure hope you will reconsider this choice. Lynn Trapp

Access MVP

Erik: I have long thought that Jet ULS suffered from two problems:

1. It has an aspect of "pretty good but not 100% secure" coupled with "not well understood and applied by casual Access devs". But often the "pretty good" is good enough, and the "not 100% secure" is OK. Meanwhile, part of the reason for its misapplication is the historically weak docs, and the degree to which the UI frustrates attempts to get the full overview of current security settings. I myself ended up developing a tool (available at grahamwideman.com) to reveal "at a glance" the current state of users, groups and permissions, mostly in order to learn how it *really* behaves... which is ultimately sensible but not at all transparent in the UI. 2. It's *highly* useful in a scenario that gets very little attention, and isn't "mainstream ULS" so to speak. Jet allows us to write standalone apps (with DAO) that to the user appear to have "document files" (actually mdbs which the app reads and write using SQL), and which can also be very usefully viewed/queried *RO* by the user in Access (ie: freedom to browse the data without worry of damaging it). While you can of course implement the permissions aspect of this in MSDE, it's a totally different file management model from the perspective on an end-user (of my apps). Bottom line: I *hope* that whatever file-based DB engine we go forward with will continue to support the scenario just mentioned, with the ability to distinguish users and permissions and at the same time allow end-users to treat the files like any other doc files. If encryption is better, great, but much of the time I (and many clients) don't care. (And the cases where they *do* care often coincide with cases where a server solution is acceptable or desirable).

Graham wrote:

> "pretty good but not 100% secure" The really frustrating thing, is that two of the key deficiencies would be so easy to fix. > The ability to reverse engineer the plaintext passwords from a workgroup file, is due to a simple error in how they encrypt the passwords. This could be fixed by reversing two parameters; ie. (probably) a 2-line change to the Jet source code. > The ability to instantly decrypt an encrypted database, could be fixed by the simple expedient of deriving the RC4 key from the database password. There would be no change to the Jet file structure, at all. Those two changes are so straightforward, IMHO, that I may even develop a product which does them!

If ULS is removed from Access then I would no longer have a use for the product at my place of work and everything I have developed so far would be migrated to Oracle. I don't have an option to use an SQL BE because to do so would be against our company's IT policy. In a nutshell, no ULS, no customer.

I don't know if I missed someone else making this point, but JET stands for "Joint Engine Technology". Do I get points for knowing that? I still use macros sometimes - they are quick to create and easy to read and maintain - but I wouldn't miss them if they were gone.

ULS is pretty much a waste of time for security because we even have MVP's like Jeff Conrad and Tony Toews posting cracks. However, it still has a use for marginal security and/or to differentiate users, which is a functional more than a security advantage. Overall, I would vote that ULS be retained, and some improvement to the password cracking be made along the lines suggested by TC.

Keith wrote:

> If ULS is removed from Access then ... everything I have

> developed so far would be migrated to Oracle. I don't

> have an option to use an SQL BE because to do so would be

> against our company's IT policy. Not sure I understand that. Do you actually mean, an "SQL*Server" BE? If so, you could link to an Oracle BE just as easily as an SQL*Server one.

Access works great as a frontend to SQL but it can be considerably enhanced. I, for one, am concerned about the lack of discussion (up to this point) regarding ADP enhancements. Perhaps you'll devote a little time to that subject in a future post. I regularly have discussions with myself about moving our development from Access to .net since SQL Server is our data storage choice. The ease of development and built-in user-friendly tools in Access keep me here but I would really like to hear that Access is continuing to develop as a better front-end app for SQL. Thanks.

I totally agree with Bill Holt. ADPs are absolutely critical for Access/SQL Server users. We long ago left MDBs because of the trivial ease of cracking the security model, and to take advantage of OLE-DB. I don't really use MDBs much anymore, but I am very worried about the future of the ADP. On another security note, the VBA code passwords are also a joke - it takes a millisecond to crack with freeware available on the Internet. Please give us secure VBA passwords, and VBA project encryption.

TC - Oracle is a full system - it does not have to rely on Access or any other Front End, unlike SQL Server. I understood Keith to mean it may be worthwhile getting out of the scenario of unsecure front ends entirely.

Regards

Looks like from some of the responses here that there are several distinct streams that Access is being used for (the percentage of its use cannot and should not however, be gauged on the one vocal response as it cannot represent the large number of Access apps created by programmers and non programmers). Access JET .mdb is a very mature technology. It is very understood by senior developers since it is at least 10 years old. I would expect not to "chuck it out" considering that there is a continuing revenue source from it's support. By "chuck it out" meaning to stop adding features to it or making new Access features inoperative if you select it. The ULS has always been problematical because it is onerous to administer but it has one facet - it allows us to simply differentiate users (user login) and differentiate between the developer vs the user (them and us) in terms of object permissions and design. Of course, third party could re-invent the whole thing if ULS disappears but breaking it does not make sense. Access + SQL Server looks like gaining some ground - this despite the fact that Jet cannot insulate the event handling and the performance impacts. And that .ADP is such a weap wrapper over SQL-DMO and OLEDB. And that Access is not a three tier animal supporting business objects and class abstraction. Access + Sharepoint which Eric assures us is growing waay fast - (as fast as the number of Access Team Members in Microsoft?). I may not doubt the growth rate, but I doubt the quantum compared to the previous two architectures. So, where is Access headed? And will we get a better beast which can is multi-faceted or will we get an beast which is all features and no substance?