Re: Locking out MS Access Users...

From: rich (rich_at_discussions.microsoft.com)
Date: 02/24/05

• Next message: Sue Hoegemeier: "Re: Locking out MS Access Users..."
• Previous message: sabby: "RE: Does it require sa to create dts package?"
• In reply to: Steve Thompson: "Re: Locking out MS Access Users..."
• Next in thread: Sue Hoegemeier: "Re: Locking out MS Access Users..."
• Reply: Sue Hoegemeier: "Re: Locking out MS Access Users..."
• Reply: Ross Presser: "Re: Locking out MS Access Users..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 24 Feb 2005 12:15:12 -0800

The web application uses Integrated security so their Windows accounts
(technically the Windows Groups their user accounts are members of) are SQL
logins. Database Roles have been created with permissions set for the stored
procs, etc. As a result, they can also open Access, create an adp, connect
to the SQL database using Windows authentication, and the sp's, UDF's, etc
show up. Because the database role their user account belongs to has
"execute" permissions for the web application they can then also execute the
sp from Access.

"Steve Thompson" wrote:

> "rich" <rich@discussions.microsoft.com> wrote in message
> news:14E83BBA-95CC-4221-8634-9B1821BAF19D@microsoft.com...
> > I have an ASP.NET web application that uses a SQL Server 2000 database. I
> am
> > forced to use Impersonation/Delegation with Windows accounts so that we
> can
> > audit activity at the database level. However, everyone in the
> organization
> > also has MS Access on their desktop. How can I prevent MS Access users
> from
> > creating a new .adp and executing any of the stored procedures created
> > specifically and solely for the web application?
>
> While you cannot prevent them creating a new ADP, how (or why) do the Access
> users have access to store procedures that would access the SQL Server 2000
> db?
>
> Steve
>
>
>

---

• Next message: Sue Hoegemeier: "Re: Locking out MS Access Users..."
• Previous message: sabby: "RE: Does it require sa to create dts package?"
• In reply to: Steve Thompson: "Re: Locking out MS Access Users..."
• Next in thread: Sue Hoegemeier: "Re: Locking out MS Access Users..."
• Reply: Sue Hoegemeier: "Re: Locking out MS Access Users..."
• Reply: Ross Presser: "Re: Locking out MS Access Users..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Unable to logon with domain account - not the usual ... user accounts created for ... administrator (SQL), mydomain\UserA (Windows, my user account), ... I have removed project server and reinstalled, ... (microsoft.public.project.pro_and_server) SQL Login problem ... Our users use a third party app that connects to a SQL ... database on a windows 2003 member server. ... The user accounts that need access to the SQL Server ... (microsoft.public.sqlserver.clients) Re: Mixed mode in SQL server.. ... Did you use Windows authentication before and it worked? ... >authenticate users AND map to database roles, except using mixed mode in SQL ... (microsoft.public.dotnet.framework.aspnet.security) SQL Authenication problem ... Our users use a third party app that connects to a SQL ... database on a windows 2003 member server. ... The user accounts that need access to the SQL Server ... (microsoft.public.sqlserver.connect) Re: Locking out MS Access Users... ... > (technically the Windows Groups their user accounts are members of) are SQL ... Database Roles have been created with permissions set for the stored ... (microsoft.public.sqlserver.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.sqlserver.security  > 2005-02