Re: Preventing unauthorized access

From: Dandy Weyn (mct_at_dandyman.net)
Date: 11/17/03


Date: Mon, 17 Nov 2003 23:21:35 +0100

Why not using application roles, activate the application roles from within
the applications, only apply permissions to the application role.

Dba's will still be able to access the data, offcourse permissions need to
be set on the corresponding objects, no matter if it is a stored procedure
that needs execute permission or a table that needs select permissions.

Regards,

Dandy Weyn
MCSE, MCSA, MCDBA, MCT

"Sydney Lotterby" <sydney@infosearch.com> wrote in message
news:OC2fa5RrDHA.3844@tk2msftngp13.phx.gbl...
> (SQL7/2K)
> I have several dbs that I don't want anyone to open up in either
Enterprise
> Mgr, QA or an app that they might write. In short I don't want anyone to
> see the structure or contents of the dbs other than via my app. How can
> this be done simply?
>
> tia
>
>



Relevant Pages

  • Re: SQL 2000 Windows Authentication - Same User Multiple Groups
    ... functionality using our WinForm app and read-only functionality using ... SQL Server permissions are not application-aware. ... App1 contains CRUD functionality using stored procs (EXEC perms on ...
    (microsoft.public.sqlserver.security)
  • Re: Copying Files from Network to Local
    ... working using Code Access Security, ... website has less trust associated with it, and less permissions assigned ... However, when the app resides on a network drive, copying ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: ASP App Hangs. ALL FIXED!
    ... It seems that when you disable Script Blocking in NAV (actually SYM ... > Up until the other day, the app worked without problems. ... > volume and has the correct permissions assigned and have not ...
    (microsoft.public.inetserver.asp.general)
  • Re: Strange problem with PDW
    ... There are no permissions involved. ... My app has a sequence where if a certain dircetory does not exist it is ... installing your app since it apparently installed OK (afterall, ... Each newer version of Windows restricts user-rights a little bit more. ...
    (microsoft.public.vb.general.discussion)
  • Re: login security question
    ... Say the password for the Application role is found, can a user access the database through the Query Analyser or Enterprise Manager using the application rolde/password. ... > validated and converted to an owner profile, ... > 2) Give the Application Role the appropriate permissions. ... > what the stored proc is called) using the secret password for the App Role ...
    (microsoft.public.sqlserver.server)