I suppose it really depends on what level of security you want. Is the data sensitive? Do you want to keep out 'nosey users' User level security is a pain to implement, at least that is my experience. Passworded DB's are not that secure as you can easily find out the password. No, I would go down the road of MDE . Just my two pennyworth.