During the server presentation today, some people asked questions about security. Since I have been a Beta tester of 10.2 for several months, and have implemented 10.2 in an office with 16 users, and since I had definite views about certain security issues, I developed some steps that I have used and thought it would be useful to share.
I have certain concerns and principles for how the shared databases should operate. The office is a law firm and information is handled carefully there.
-
I wanted to restrict certain databases to specific people. So I wanted to prevent users from downloading those databases. If not intentionally restricted, any user with access to the server could download any database; that was not acceptable to me.
-
The users are all non-computer people, so I wanted the interface to be as easy to use and with as much error checking as feasible to help everyone use the database correctly. Therefore, I wanted to restrict access to editing forms or procedures, and to restrict access to the datasheet. Whatever someone needed, whatever reports they needed, would all be programmed into procedures. Of course, the interface of the various databases work in a similar manner so a user can easily remember how to do various things.
By using the following steps, one can remove the view menu, which prevents access to forms, procedures, and the datasheet. The users still have access to the System Administrator window, but they cannot access the Databases tab or the sessions tab. With these restrictions, they would never need to access this after the database is set up and connected to any server.
(We have not used Encryption, but it seems like a good idea in some situations.)
All ordinary users are logged in to a User Role.
- While the database is standalone database, Select file/Database Options
In the database options window, lock the database to the account.
Set up the database entitlements to the User can open database, Developer can modify design, and Developer and Admin can use the Standard UI. (We don’t have any separate developers, so the developer entitlements are set the same as the Administrator.)
- Then Share the database.
When someone in a User Role opens the database, they will not have a View Menu. They cannot edit forms and procedures or switch to them using view. They cannot open the datasheet. They will not be able to access the datasheet.
My databases have all hidden the Toobar also, and User cannot show the Toolbar.