Re: Locking out MS Access Users...

From: Sue Hoegemeier (Sue_H_at_nomail.please)
Date: 02/24/05

• Next message: Sue Hoegemeier: "Re: problem with space"
• Previous message: rich: "Re: Locking out MS Access Users..."
• In reply to: rich: "Re: Locking out MS Access Users..."
• Next in thread: Ross Presser: "Re: Locking out MS Access Users..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 24 Feb 2005 13:31:38 -0700

Some places write jobs to kill spids based on application
names connected to SQL Server. That doesn't prevent much as
it works after the fact. I also worked at a couple of places
where we traced who logged in not using the corporate
applications. Sometimes if you'd tell them exactly what they
were doing at what time on what day, they'd be freaked out
enough to discontinue or not go in as much.

-Sue

On Thu, 24 Feb 2005 12:15:12 -0800, "rich"
<rich@discussions.microsoft.com> wrote:

>The web application uses Integrated security so their Windows accounts
>(technically the Windows Groups their user accounts are members of) are SQL
>logins. Database Roles have been created with permissions set for the stored
>procs, etc. As a result, they can also open Access, create an adp, connect
>to the SQL database using Windows authentication, and the sp's, UDF's, etc
>show up. Because the database role their user account belongs to has
>"execute" permissions for the web application they can then also execute the
>sp from Access.
>
>"Steve Thompson" wrote:
>
>> "rich" <rich@discussions.microsoft.com> wrote in message
>> news:14E83BBA-95CC-4221-8634-9B1821BAF19D@microsoft.com...
>> > I have an ASP.NET web application that uses a SQL Server 2000 database. I
>> am
>> > forced to use Impersonation/Delegation with Windows accounts so that we
>> can
>> > audit activity at the database level. However, everyone in the
>> organization
>> > also has MS Access on their desktop. How can I prevent MS Access users
>> from
>> > creating a new .adp and executing any of the stored procedures created
>> > specifically and solely for the web application?
>>
>> While you cannot prevent them creating a new ADP, how (or why) do the Access
>> users have access to store procedures that would access the SQL Server 2000
>> db?
>>
>> Steve
>>
>>
>>

• Next message: Sue Hoegemeier: "Re: problem with space"
• Previous message: rich: "Re: Locking out MS Access Users..."
• In reply to: rich: "Re: Locking out MS Access Users..."
• Next in thread: Ross Presser: "Re: Locking out MS Access Users..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Single Sign on ... > do is create an NT global group that contains your user accounts. ... > group appropriate permissions in SQL Server and appropriate permissions to ... This is SQL Server Windows Authentication model and only ... (microsoft.public.sqlserver.setup) Re: Locking down database accounts ... Windows Authentication rather than SQL Server user accounts and passwords. ... (microsoft.public.sqlserver.security) Re: master db ... This means you are managing user accounts within the application instead of ... managing them via SQL Server. ... SQL Server or Windows far outweigh the cons. ... (microsoft.public.sqlserver.clients) Re: question ... query and filtering ... > If the data is stored on SQL Server you can create user accounts on SQL ... Open Enterprise Manager and look at the Security node under the ... Use database Roles to assign ... (microsoft.public.access.queries) Re: ODBC Connection - read/write access ... SQL Server will not accept a connection from any API unless that connection ... You have to specifically add logins to SQL Server before other people can ... those user accounts. ... (microsoft.public.sqlserver.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint