The following information details how to create and implement User-Level Security using

Microsoft Access 2000. These steps have been thoroughly tested and have been found to work
correctly. Please ensure that you follow the steps and instructions completely to recreate this
process. The author takes no responsibility for any problems that arise due to these instructions
not being adhered to. Always remember to BACK-UP any files (database and workgroup) prior to
testing these procedures.

Task A-1: Creating a new workgroup information file

Objective: To create a new System.mdw with a new name

1. Exit Access
2. Using the Windows Explorer, open the folder C:\Program Files\
Microsoft Office\Office. This folder is where the System.mdw is located with a
fresh installation of Microsoft Office 2000
3. Copy the file SYSTEM.MDW to the root of your computer’s hard drive
(don't move the file) to make a backup copy of the file.
4. In the Microsoft Office folder, double-click on MS Access Workgroup
Administrator.

This is a shortcut to the Wrkgadm.exe program that, when executed, runs the
Workgroup Administrator.
5. In the first dialog box is the name, company and workgroup to which you are
joined.

6. Click Create to open the Workgroup Owner Information dialog box, which you
can use to create a new workgroup information file.

7. In the Name text box, type in your name.

8. In the Organisation text box, type in your organisation name.
9. In the Workgroup ID text box, type in mywid.

10. Click OK to accept this information and open the Workgroup Information File
dialog box.
11. Using the default path, change the database filename to
MySystem.mdw.

12. Click OK to accept the default path and new name for the new workgroup
information file, C:\Program Files\Microsoft Office\Office\MySystem.mdw
13. In the Confirm Workgroup Information dialog box, verify that the
information you typed is correct.

14. Click OK. You must confirm your entries for the new workgroup information
file.
15. In the message box indicating that you have successfully created the
workgroup information file, click OK.

16. Look at the changes in the Workgroup Administrator dialog box.

There's the information that you entered for the new workgroup information
file. This workgroup information file is used the next time that you start up
Microsoft Access, so there is no need to join the workgroup now.

17. Click Exit to close the Workgroup Administrator and display the contents of the
Office folder in the Windows Explorer. Notice that the new file, MySystem.mdw,
isn't displayed. You may need to refresh the view to see it.
18. Choose View, Refresh. Scroll to see MySystem.mdw and System.mdw. Both
workgroup information files are saved in the same folder.
19. Before you close Windows Explorer, make a shortcut to the
MSAccess.exe on the desktop. You'll be exiting and starting Microsoft
Access several times during this tutorial and a desktop shortcut makes
restarting Microsoft Access more convenient.
20. Close Windows Explorer.
Microsoft Access Database Security - Setting Logon Procedures:

If you do not activate the logon procedure, you are automatically logged on under the
Admin user account, for which there is an empty password. If you want to require
users to log on to start Access, you can change the password of the Admin user
account. The Admin user is a member of the Admins (Administrator) group. The Admin
user account is the same for every installation of Access. Administrators always have
full permissions for objects created in the workgroup.

An Access password is case-sensitive and can have up to 14 characters, including any

ASCII characters except null (ASCII character 0). When you type your password in the
New Password text box, asterisks are displayed to maintain your password’s security.
The first time you set a password, do not type anything in the Old Password text box.

Before completing the following activities, please ensure that you have followed the
previous exercise: Steps to Securing an Access Database by Using User-level Security

Task A-2: Activating the logon procedure

Objective: To change the logon password for the user named Admin to turn on security
for the MyNewApp.mdb database. Please download the MyNewApp.mdb database
before starting this tutorial.

1. Start Access. Do not open a database

2. Choose Tools, Security, User And Group Accounts. You use the User And
Group Accounts dialog box to define user names, group membership, group
names, and a logon password.
3. Verify that the Users tab is selected and that Admin is selected in the
User Name text box. You're goint to change the password for this user.

4. Select the Change Logon Password tab. In the New Password text box,
type password. (Don't type in the Old Password text box because there is no
old password.) Passwords are case-sensitive. Notice that an asterisk is
displayed for each character that you type.
5. In the Verfiy text box, type password. Accuracy is essential! The password
text boxes should look identical.

6. Click OK to accept your new password.

7. Exit Access.
8. Start Access. Try to open MyNewApp.mdb. The Logon dialog box opens
before you can open the database. You must enter a valid user name and
 password.

9. In the Name text box, type Admin. In the Password text box, type
password.

10. Click OK. Now MyNewApp.mdb opens!

Microsoft Access Database Security - Group Accounts:

When you install Microsoft Access, you get one user account and two group accounts:

 The Admin account is the default user account.

 The Admins account is the system administrator’s group account. The Access
Setup program automatically adds the Admin user account to the Admins
group.
 The Users account is a group account that comprises all the user accounts.
When you create a user account, it is automatically added to the Users group.
Everyone is always a member of the Users group and can't be removed.

You can log on to Access with a user account, but not with a group account.

It is easier if you organise your users into groups and assign permissions to each
group, rather than to individual users. A user can be a member of more than one
group, and inherits all of the permissions of each group. A good design strategy is to
add permissions to the groups, and add users to the appropriate group(s).

A Personal Identifier (PID) is a character string that is used in conjunction with the
account name to identify a user or group. The PID is specified when you create a new
user or group. You should record this case-sensitive code in case you need to recreate
the workgroup information file. Note that the PID is not a password. It's another means
of identifying who you are to Microsoft Access.

Let's create two group accounts and set a unique PID for each one.

Before completing the following activities, please ensure that you have followed the
previous exercise: Setting Logon Procedures

Task A-3: Creating Group Accounts in Microsoft Access

Objective: To create two new group accounts, one for the group who does Order Entry,
and the second for the Sales Managers group. This information relates to the sample
Microsoft Access database download

1. Close MyNewApp.mdb without exiting Access. You don't need to have a

database open to create accounts.
2. Choose Tools, Security, User and Group Accounts.
3. In the User And Group Accounts dialog box, notice the Available
Groups list in the Group Membership section. There are two groups
available, one named Admins and the other named Users.

4. Select the Groups tab. Display the Name drop-down list.

The same two groups are listed here. You're going to create two new groups to
add to this list.
5. Close the Name drop-down list. Click New to open the New User/Group
dialog box, which is what you'll use to create new group accounts, one at a
time.
6. Create the following group:

Name: Order Entry

Personal ID: orderpid

All the characters are case-sensitive.

7. Click OK.
8. Create another group as follows:

Name: Sales Managers

Personal ID: salespid

9. Click OK.
10. Display the Name drop down list. Notice that four groups are now listed,
including your two new groups.

Now that you've created new group accounts, it's time to create new user accounts.
Microsoft Access Database Security - User Accounts:

Now that you've created new Microsoft Access Group Accounts, it's time to create new
user accounts in Microsoft Access.

When you create user accounts for an application, those accounts are stored in the
workgroup that the users join when they use the application. Therefore, before you
create the user accounts, you should make sure that you are in the correct workgroup
information file.

You can add a user to a group account or remove a user from a group account by
making selections in the Users tab of the Users And Group Accounts dialog box.
Similarly, you can delete a user account or a group account from a workgroup by
making selections in the Users tab or the Groups tab of the Users And Group Accounts
dialog box. You cannot delete the group accounts Admins or Users.

Task A-4: Creating User Accounts in Microsoft Access

Objective: To create the administrator's user account as well as four other user
accounts, and to assign each user to a group. This information relates to the sample
Microsoft Access database download

Before you begin: The User and Group Accounts dialog box is open, and the Order
Entry and Sales Managers group accounts are created - please complete the previous
tutorial Setting up Microsoft Access Group Accounts before starting.

1. Select the Users tab.

2. Display the Name drop-down list. There's only one user listed, Admin.
You're going to create five more users to add to this list.
3. In the Groups section, look at the Available Groups list. Four groups are
listed, including the two that you created. You can assign users to these groups.

4. In the User section, click New to open the New User/Group dialog box.
5. Create a user account for yourself, as follows:

Name: (Your Name)

Personal ID: mypid

Click OK.

6. From the User Name drop-down list, select your name.

7. From the Available Group list, verify that Admins is selected. Click Add
to create a security administrator account with you as administrator. You are a
member of the Admins group. As such you inherit Administer rights to import
 files, create new users, and assign permissions.

8. Create the following new user accounts and assign each user to the indicated group
accounts:
User Name Personal ID Group Membership
Olivia E oliviapid Order Entry; Users
Oscar D oscarpid Order Entry; Users
Scott S scottpid Sales Managers; Users
Susan M susanpid Sales Managers; Users
9. Display and scroll through the Name drop-down list. Now there are six
user accounts, including Admin, yourself, and the additional four that you have
created.
10. In the User And Group Accounts dialog box, click OK to accept your
account additions.

Microsoft Access Database Security - Changing a Password:

Now that you've created new Microsoft Access User Accounts, it's time to look at
Security Account Passwords.

Passwords that are entered when you log on to Access are known as Security Account
Passwords. The primary purpose of these passwords is to ensure that no other user
can log on using your name. If this is the first time you are adding a password to your
Access account, you do not have to use the Old Password text box.

The Admin user has full permissions to all database objects. The Admin user’s
password is empty, so anyone can log on to Access as the Admin user. To make your
system more secure, you can remove the Admin user from the Admins group. In this
tutorial, you'll do just that.

Task A-5: Setting your logon password and removing the Admin user from
the Admins group

Objective: To add a password for yourself and to delete the Admin user. This
information relates to the sample Microsoft Access database download

1. Exit Access.
2. Start Access. Don't open a database.
3. Choose Tools, Security, User And Group Accounts. The Logon dialog box
opens.
4. Log on by using your name (as you typed it in when you created your own
user account) and no password. There's no password assigned to your name
yet. After you click OK, the User And Group Accounts dialog box opens.
5. Select the Change Logon Password tab.
 6. In the New Password and Verify text boxes, type password. Remember,
the password is case-sensitive.

7. Click Apply to accept the change and leave the dialog box open.
8. On the Users page, select the User Name Admin.

9. From the Member Of list, select Admins.

10. Click Remove to remove the Admin user from the Admins group. The Admin
user remains a member of the Users group only.

11. Click OK to accept the change and close the User And Group Accounts dialog
box.

Microsoft Access Database Security - The Security Wizard:

The Admin user owns all the objects in the database and has irrevocable permissions
to them. However, it is important to change the ownership to the project leader’s
account (you). When you create or copy an object, the user who is logged in becomes
the owner. The easiest way to change ownership of all objects in the database is to
first make sure your project leader is logged in, and then run the Security Wizard.

You can use the Security Wizard to create a new database and fill it with copies of the
objects of the database that is currently open. The Security Wizard exports copies of
all the objects from the original database. It also secures selected object types by
revoking all permissions in the Users group for those objects in the database. The new
database is encrypted, which means that it is indecipherable during electronic
transmission or when it is stored on a disk, tape, or other magnetic medium. All table
relationships and linked tables are recreated in the new database. However, the
original database is not changed.

Changing the Ownership of Database Objects

An object's owner is the user who creates that object, also known as the object's
creator. The owner of an object has Administer permissions. Other users cannot
change the object owner's permissions. If another user creates a new object in the
database, then that user is the owner of the object. Having different owners for all the
objects within a database can be cumbersome. The database will be easier to maintain
if one user is designated as the owner and takes responsibility for maintaining the
objects. You can change the owner of an object by using the Change Owner tab of the
User and Group Permissions dialog box.

Now let's use the Security Wizard to create an unsecured backup copy of the sample
Microsoft Access database download file: MyNewApp.mdb and to secure
MyNewApp.mdb. You should have already completed the previous tutorials within this
security section; details of each can be found at the bottom of this page.

Task A-6: Using the Microsoft Access Security Wizard

Objective: To create a new database that only certain users can access. This
information relates to the sample Microsoft Access database download

1. Exit Access. Start Access

2. Open MyNewApp.mdb. In the Logon dialog box, enter your password
and click OK.
3. Choose Tools, Security, User And Group Permissions.
4. Select the Change Owner tab. The form objects are displayed. Notice that
Admin is the owner of every form. Display different object types from the
Object Type drop-down list. Admin is the owner of every object type.

5. Click Cancel to dismiss the dialog box.

6. Choose Tools, Security, User-Level Security Wizard to run the Security
Wizard. Accept the default selection, Modify My Current Workgroup
Information File. Click Next.
7. You want to secure all database objects, which is the default wizard setting.
Select the All Objects tab and scroll through the list to verify that all
tables, queries, forms, reports and macros are checked.

8. Click Next.
9. In the next wizard dialog box, check these security group accounts:
Order Entry and Sales Managers. Each one defines specific permissions for
the users you'll assign to the group. To read the group permissions assigned to
each built-in group, select each group (but don't check any of the built-in
 groups)

10. Click Next.

11. In the next wizard dialog box, accept the default selection "No, The
Users Group Should Not Have Any Permissions". Any permissions you
assign to the Users group are the same permissions available to anyone with a
copy of Access. You want to completely lock out others.

12. Click Next.

13. In the next wizard dialog box, the users you've already added to the workgroup
information file are listed. You also have the option of adding new users. We're
not adding any users now, so click Next.

14. In the next wizard dialog box, you assign users to groups in the workgroup
information file. Select the option Select A Group And Assign Users To
The Group.

15. Your name is already assigned to the Admins group, and the other users are
already assigned to either the Order Entry or Sales Managers group. Use the
following graphics to select the group names and verify the users
assigned to them.
 16. Click Next to advance to the last wizard dialog box. Verify the name of the
backup copy of the unsecured database.

Also note that, after the database is secured, you'll get a report of the settings
that were used to create the users and groups in the workgroup information
file.
17. Click Finish and wait while the wizard secures the database objects and
creates the report.
18. Scroll through the One-Step Security Wizard Report. Notice that there's
an unsecured database (.bak file) and a secured database (.mdb file), both
stored in the folder. The report lists the secured objects, groups and users. It's
important to keep this information available in the report in case you ever need
to re-create the same workgroup file.
19. Close the report.
20. Click Yes to save the report as a Snapshot (.snp) file. Wait for the encryption
process to finish.

21. On the taskbar, you will see the Snapshot Viewer, and clicking this will
view the new file: MyNewApp.snp.
22. The snapshot report is saved in the same location as the database file.
23. Close the Snapshot Viewer.

Microsoft Access Database Security - Security Permissions:

Permissions

After you run the Security Wizard, you can manually change database and object
permissions for user and group accounts in a workgroup. It's advisable to assign
permissions to groups, not to users, because each user inherits the permissions
assigned to the group.

Permission Types
Each user has access to nine types of permission for data or objects in a database. The
following table describes the nine types of permission, and what each type enables a user
to do. To read more about these permissions, search Microsoft Access Help for
permissions, display the topic Work With Permissions, and select Types Of Permissions.

Permission Allows a user to Objects involved

Open/Run Open a database, form, or report. Run a macro. Databases, forms, reports
macros.
Open Open a database on a network, while ensuring that others Tables, queries, forms, rep
Exclusive cannot open the database while the first user has it open. macros, and modules.
Read Design View the design of objects. No changes to the design are Tables, queries, forms, rep
allowed. macros, and modules.
Modify Change the design of objects and delete objects. Tables, queries, forms, rep
Design macros, and modules.
Administer Set database passwords, replicate databases, and change Databases, tables, queries
startup properties. Have full access to objects and data, and forms, reports, macros, an
assign permissions for objects. modules.
Read Data View data, but not table designs or query designs. Tables and queries.
Update Data View and edit data, but not insert or delete data. Tables and queries.
Insert Data View and insert data, but not change or delete data. Tables and queries.
Delete Data View and delete data, but not change or insert data. Tables and queries.

Before starting the following exercise you should have already completed the previous
tutorials within this security section; details of each can be found at the bottom of this
page.

Task A-7: Granting permissions to a database and its objects

1. Choose Tools, Security, User And Group Permissions to display the User
And Group Permissions dialog box.
2. Select the Change Owner tab. Select different object types and notice
that you are the current owner of the database and all its objects

3. Select the Permissions tab. Let's take a look at the permissions assigned to
the users and groups, starting with the groups.
4. From the List options, select Groups. The Admins group is selected in the
User/Group Name list.

5. Explore the permissions assigned to various object types and group

names. Notice that the Order Entry, Sales Managers and Users groups have no
 permissions assigned to them. For the Users group, you want to leave it set
that way.
6. From the User/Group Name list, select Order Entry. You want to assign
permissions to this group.
7. From the Object Type drop-down list, select Database. In the
Permissions section, check Open/Run

8. Click Apply. All users in the Order Entry group have permission to open and
run the current database.
9. Now let's set the Order Entry group's permissions for the table objects in the
current database. From the Object Type drop-down list, select Table. From the
Object Name list, select all the table names.
10. In the Permissions section, check Update Data and Insert Data.
Uncheck Delete Data. Notice that the options Read Design and Read Data
are also checked by default with these options. Three options should be
unchecked: Modify Design, Administer, and Delete Data.

11. Click Apply.

12. Apply database and object permissions to groups according to the
specifications in the following table (select all object names for each object
type):
Group Object Type Permissions
Order Entry Query Read Design, Read Data, Update Data, Insert Data, Delete Data - a
Queries
Form Open/Run, Read Design - all Forms
Report Open/Run, Read Design - all Reports
Macro Open/Run - all Macros
 Sales Managers Database Open/Run
Table Read Data, Read Design - all Tables
Query Read Data, Read Design - all Queries
Form Open/Run - all Forms
Report Open/Run - all Reports
Macro Open/Run - all Macros
13. Click OK to close the dialog box.

Microsoft Access Database Security - Testing your Microsoft Access Database

Security:

After you've set up security for all groups and users, you will need to test it. Make sure
that each group has the options that you have selected in the User And Group
Permissions dialog box.

Task A-8: Testing Microsoft Access Database Security.

Objective: To test the various groups for the security that you set up in the previous
tutorial - Microsoft Access Database Security - Security Permissions

1. Exit Access. You'll need to log on as a different user to test security.

2. Start Access. Open MyNewApp.mdb. Log on with the name Susan M,
and no password. Susan M is a member of the Sales Managers group, so
you'll be testing the permissions you assigned to that group.
3. From the Database Window (Press F11 to display database window),
preview the report, Book and Customer Sales. Because the Sales
Managers group has permission to Open/Run all reports, Susan M can preview
this report.
4. Choose View, Design View. As Susan M, you don't have permission to view
the design of the report.

5. Click OK to dismiss the message box.

6. Close the report.
7. Now let's try to add a new customer to the database. From the database
window, open the Customer form. Look at the New Record navigation
button at the bottom of the form. It's dimmed. There's your first clue that you
can't add a new record.

8. But you still have the Add Customer button on the form, right? Click the Add
Customer button.

Another roadblock. You can't add a new record. The permission assignments
work the way that you want them to.
9. Click OK to dismiss the message box.
 10. Close the Customer form.
11. From the Switchboard, click Add Customer. You see a blank form.
12. Close the Customer form (Chose File, Close)
13. Exit Access.
14. Start Microsoft Access and open MyNewApp.mdb. Log on as Admin
with the password, "password".

The Admin user can't even get past Go.

15. Click OK to dismiss the message box.
16. Exit Access yet again.
17. Start Access, open MyNewApp.mdb, and log on with your name and
password (your password is password).

Microsoft Access Database Security - Documenting your Database Security:

Documenting Database Security

After you have established security for your application, you can print a security report
for a particular workgroup. In this report, you can see the security for both users and
groups, just users, or just groups. The report includes group names and user names,
and indicates which users and groups belong together in the particular workgroup. If
you want to send the security report directly to the printer, you can use the Print
Security dialog box to make selections about what level of security you want to
document.

Let's start by taking a look at your options to print a report about users and groups in
the sample database - MyNewApp.mdb. You will have created these user and group
accounts and permissions in the previous tutorials listed at the bottom of this page.

Task A-9: Printing reports about security users and groups.

1. Choose Tools, Security, User And Group Accounts to open the User And
Group Accounts dialog box.
2. Click Print Users And Groups to open the Print Security dialog box.

3. Take a look at the print security options.

You can print reports that show one of the following security levels:
 All users defined for the current workgroup.
 All groups defined for the current workgroup.
 Both user and group account information.
 All users in the current workgroup can print reports showing user and group
information.

4. Click Cancel. Because printed security reports are sent directly to a printer,
your computer must be attached to a printer if you click OK.
5. Close the User And Group Accounts dialog box. Next, you'll create a
report on a form with permissions for each user and group.

Microsoft Access Database Security - Previewing Security Permissions:

Previewing Permissions

If you want to view the permissions for a particular object, you can create a report that
includes the object’s design information and permissions listed by user and group. Use
the Database Documenter to view the definition for one object or multiple objects.

Let's use the Documenter to preview a report for user and group permissions as
they're set for the Customer form.

You will have created these user and group accounts and permissions in the previous
tutorials listed at the bottom of this page using the sample database -
MyNewApp.mdb..

Task A-10: Previewing reports about user and group permissions by object.

1. Choose Tools, Analyze, Documenter to open the Documenter dialog box.

2. Display the form objects. Check frmCustomer to run the report on just this
one form.

3. Click Options to open the Print Form Definition dialog box.

4. In the Include For Form section, uncheck Properties and Code. Check
Permissions By Users And Groups. To make your report run faster, check
only those options you need. Printing properties can fill up lots of pages.
 5. In the Include For Sections And Controls section, select Nothing. Again,
this is to keep the report shorter and include only the information you need.

6. Click OK to close the Print Form Definition dialog box.

7. Click OK to run the Documenter. This might take several minutes to run, so be
patient. The more information that you request from the Documenter, the
longer it takes to run the report.
8. In the Object Definition report for the Customer form, look at the user
and group permissions.
9. Close the report.

Microsoft Access Database Security - Securing a Database with a Database

Password:

To prevent unauthorised users from opening an application, you can add a database
password. However, a database password does not control what a user does once the
application is opened. To set a password, the database must open in exclusive mode.

Make sure to keep a record of the database password. If you lose or forget the
password, you cannot open the database or retrieve its data.

You can password-protect a database that contains tables that are linked to another
database. You must provide the password to the back-end database in a connection
string; you can save the password as part of the link to the tables. The password
information is added to the end of the connection string by using the password
identifier, PWD=password. To change the password, you need Administer permission
to the database object

Caution: Because many people will share the same database password, it is risky to
rely on the database password without implementing full user-security. One person
could change the password and lock everyone else out. With full user-security, you can
control who has rights to change the database password.

Unfortunately, people do lose or forget their passwords, making it impossible to access

that data. Luckily, it does not mean that the data is lost forever. Check out the
Microsoft Access Password Recovery Tools available.

Let's experiment by setting a database password using the sample database -

MyNewApp.mdb..

Task A-11: Setting a database password.

1. Close MyNewApp.mdb
2. Click the Open Database button - You need to use the Open dialog box.
 3. Select MyNewApp.mdb. Click on the arrow next to the Open button.

4. Choose Open Exclusive to open the MyNewApp.mdb database with exclusive

access. This gives you the sole access to the database when you have it open.
You can't set a database password if it's in shared access mode. By choosing
the Open Exclusive option, you prevent other users from opening the database
whilst you have it open.
5. Choose Tools, Security, Set Database Password to open the Set Database
dialog box.
6. In the Password and Verify text boxes, type dbpassword. Passwords are
case-sensitive.

7. Click OK to accept the database password and close the dialog box.
8. Close the database.
9. Let's test the password to see if it works. Open MyNewApp.mdb. You must
enter the database password to open the database.

10. Type dbpassword, and click OK. The database opens.

Removing the Database Password

You can remove the password you have set for a database. Once a password is set,
the choice in the Tools, Security menu choice becomes Unset Database Password. You
will be prompted for the password; it is case-sensitive. After you remove the database
password, anyone has access to the database.

Let's remove the database password you set for MyNewApp.mdb

Task A-12: Removing a database password.

1. Close MyNewApp.mdb. Open MyNewApp.mdb in Exclusive Mode.

2. Enter dbpassword. Click OK
3. Choose Tools, Security, Unset Database Password. Notice how this
command has a different name now that the database has a password set on it.
 4. In the Password text box, type dbpassword.

5. Click OK to accept the password and close the dialog box.

6. Let's test this change. Close the database.
7. Open MyNewApp.mdb. You didn't need to enter a database password to
open the database.

Microsoft Access Database Security - Distributing the Secured Application:

Because permissions are stored with application databases, and accounts and
passwords are stored with workgroups, users must have access to both the
appropriate databases and workgroups. To make an application database (or
databases) and workgroups available to users, you can do any of the following
procedures:

 Copy the workgroup information file that defines the workgroup to a network
server. Users can join this workgroup by specifying the network server path to
the workgroup information file.
 Provide each user with a copy of the workgroup information file that defines the
workgroup, so that the users can place it on their local workstation PC. Users
can then join the workgroup. One drawback to this method is that if you update
the workgroup you must give users separate copies of the updated files.
 If users are using different workgroup information files, you can create the
same group account in each workgroup instead of copying the whole workgroup
into the file. The common group account must have the same name and
personal identifier (PID) in each workgroup. You need to add the users in each
workgroup to the common group.
 In all cases, the application files (MDB’s) can be located on a shared network
drive or copied to the individual workstations. If a user’s permissions are
changed, you need to redistribute a copy of the application database to each
PC where that user needs to work.

You might not want to give users a copy of the workgroup information file that defines
the workgroup you used when you created the application, because then users might
get full permissions to databases and objects (if they can guess a password and log on
to Access as members of the Admins group).

Each user must have a copy of Access in order to run your application. If you want
users to run an application without having a copy of Access on their computers, you
must use the Package And Deployment Wizard included in the MS Office 2000
Developer's Edition. This wizard includes the files necessary to use the run-time
version of Microsoft Access. It has its own setup program that you can use to create a
custom run-time setup for each user’s computer.