Re: block user direct access to SQL
From: Sue Hoegemeier (Sue_H_at_nomail.please)
Date: 10/07/03
- Next message: Yoshihiro Kawabata: "How DENY create temp proc."
- Previous message: Andrew J. Kelly: "Re: BACKUPS - allowing anyone to perform one"
- In reply to: HH: "block user direct access to SQL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 06 Oct 2003 19:39:48 -0600
I don't think there is a way to block that login if the user
knows it and it needs it to access the database via the app.
You could likely detect when/if it accessed the database
outside of this application and you could kill the process
but I don't think you can block it. Additionally, I used the
term likely as detecting application name/program name is
based on the connection code or front end and this can be
altered so it's not totally reliable.
-Sue
On Fri, 3 Oct 2003 06:56:24 -0700, "HH" <hh@hotmail.com>
wrote:
>Hi All,
>
>we are using an accounting package which will configure
>each user in the app to ba a sql login and database user
>as well. for example, if a user 'AcctUser' is added to
>the accounting package as a user, the accounting package
>not only create a valid user 'AcctUser' for the app, it
>also creates a login 'AcctUser' for to the SQL box and
>grant read/write access to the database. So the user can
>simply use the username and password to access SQL
>directly from any application, such as Excel, Word, VB
>etc.
>
>I am wondering if there is any way to block this user
>from accessing SQL box except through the accounting
>package. Please help.
>
>By the way, this accounting package is a 3-party app, we
>cannot change the way it works.
>
>Thanks.
>
- Next message: Yoshihiro Kawabata: "How DENY create temp proc."
- Previous message: Andrew J. Kelly: "Re: BACKUPS - allowing anyone to perform one"
- In reply to: HH: "block user direct access to SQL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
