Re : Database security

• Previous message: Dan Guzman: "Re: sp_password"
• In reply to: vijay: "Re : Database security"
• Next in thread: Vijay: "Re : Database security"
• Reply: Vijay: "Re : Database security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 20 Jun 2003 07:37:29 -0700

We have an application that does a similar thing. What we
did was setup a current access table. Only Admin group
was granted write priv to this table. When admin program
started it first checked for a record in the table and
exited if there was one, meaning someone else was using
the admin code. If table was empty it attempted to write
a record to the table, if failed the user is not in the
admin group. When the user exited the admin code the
record was deleted. There is a datetime on the record in
case the admin code closes without deleting the record.

-Aaron

>-----Original Message-----
>I am using SQL Server NT Authentication in an
application.
>I have two NT groups 'GroupAdmin' and 'GroupUser' (these
>names can change and I don't want to hard code them in
>application). Both these groups access same database but
>with slightly different grants. I have two applications -
>Administration and User applications using the same
>database and NT authentication.
>
>a) How can I prevent a 'GroupUser' from accessing the
>Administration application. Basically, I need to know
>based on NT Authentication to which group the user
belongs
>and what grants the group has on different database
>objects to validate.
>b) Only one adminstrator can access 'Administration'
>application at a time and reject others.
>I am using 'sp_who' to screen who is accessing the
>database but I need to know who is in 'GroupAdmin'
>.
>

• Previous message: Dan Guzman: "Re: sp_password"
• In reply to: vijay: "Re : Database security"
• Next in thread: Vijay: "Re : Database security"
• Reply: Vijay: "Re : Database security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]