It's been a BUSY month here in SharePoint land. I've been quite the busy traveler this month (Sweden, London, Cincinnati, Houston, Dallas, Louisville, and Vancouver already.) Hard to remember what fall in New England looks like (doubly true this year because it doesn't include the Red Sox.)
New England Afternoon © 2014 Christopher F. McNulty
I had some great feedback to my presentation on using Access Services to onboard line of business data to Office 365 and Power BI. (In case you didn't know, when you import data to Access Services on Office 365 you're also provisioning a SQL Azure database to house the data in the cloud.)
Access Services is principally focused on ease of use for the non-developer. The design services were intentionally simplified to prevent complex problems from being created. That's fine, but one of my attendees asks about data security controls. I didn't have enough time for a detailed response then. Anyway, here are the basic controls you can use.
Access Services on Office 365 give you a good range of control about how the backend database ca be secured.
You have full control over how to secure the backend database. By default, no external connections are enabled. Optional settings allow you to:
- Open up access from current location, or from anywhere
- Create a read-only SQL login and reset password
- Create a read-write SQL login and reset password
Users can only use Access Apps from sites where they have rights in the first place. However there's no simple way to assign permissions to the site alone from inside SharePoint permissions. If you need to restrict access to Access Apps, use a new site and restrict permissions on the site to the intended users and groups.
In addition, you can mark a table as readily to prevent any changes though the Access Services web UI. To do this, from the Access designer (Aces desktop application) you can select a table, choose the settings 'gear' and choose Lock Table.
Is this a complete set of data security controls? Clearly no. However, keep in mind that Access Services I intended for late weight, code-free power user app creation. If you have more complex application needs, Napa or Visual Studio provide richer application design experiences.