Re: Blocking MS Access from linking tables...
From: Matthew Wells (MWells_at_FirstByte.net)
Date: 11/01/04
- Next message: Mani: "Re: Controlling create & drop proc, view privilege"
- Previous message: Michael Cheng [MSFT]: "RE: Encryptin stored procedures"
- Next in thread: Mary Chipman: "Re: Blocking MS Access from linking tables..."
- Reply: Mary Chipman: "Re: Blocking MS Access from linking tables..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 01 Nov 2004 14:29:21 GMT
I read that article. It seems to apply only to ADO conenctions. Aren't
linked tables DAO? Does connection pooling work the same way? This is a
database that was converted from Access to SQL Server. We have to lock down
the data from any outside attempts to get it. I don't want to use SQL
authentication because I don't want to maintain two sets of security logins.
I know that using an Access form can create multiple SPIDs on SQL Server
(combo box rowsources et al). What is the downside of using Application
Roles?
Thanks.
Matthew Wells
MWells@FirstFleet.com
"Mary Chipman" <mchip@online.microsoft.com> wrote in message
news:vh62o051su3gi6fsaljgvmh1me12b8fu8p@4ax.com...
> No. If you're using Windows authentication, and have granted
> users/roles permissions on the base tables, then they can get at the
> data no matter what tool they use. An alternative would be to revoke
> permissions to public on the tables, and create an Access application
> that does not use linked tables, but instead uses pass-through queries
> to execute stored procedures. This is a lot more work since you'll
> need to create an unbound FE, but it can be done. Only users who are
> comfortable working with stored procedures would be able to get at the
> data. Another option would be application roles, but they are a really
> poor choice for linked table apps. see
> http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q229564.
>
> --Mary
>
> On Thu, 28 Oct 2004 13:54:05 GMT, "Matthew Wells"
> <MWells@FirstByte.net> wrote:
>
> >Good morning...
> >
> >I have an Access front end that uses SQL Server linked tables. SQL
Server
> >uses Windows authentication. I have one Windows group that all Access
users
> >are a member of. I added that group to SQL Server logins and gave it
> >public, datareader, and datawriter rights to the one database that's
used.
> >My front end is locked down, but I want to stop users from creating a new
> >.mdb and linking SQL Server tables through DSNs or ADO connections or
even
> >just importing the links from the actual front end.. I've tried setting
the
> >"denydatareader" security policy - that keeps the SQL tables from being
seen
> >in the import/link list- but also blocks read rights from the actual
front
> >end database. I could set an Access database password on the front end
to
> >block importing the links, but that only solves one of the three problems
> >and I want to stay away from Access security altogether.
> >
> >Is there a way to stop users from creating their own DSNs or connection
> >objects or linking tables while still using Windows authentication?
> >
> >Thanks.
> >
> >Matthew Wells
> >MWells@FirstByte.net
> >
>
- Next message: Mani: "Re: Controlling create & drop proc, view privilege"
- Previous message: Michael Cheng [MSFT]: "RE: Encryptin stored procedures"
- Next in thread: Mary Chipman: "Re: Blocking MS Access from linking tables..."
- Reply: Mary Chipman: "Re: Blocking MS Access from linking tables..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
