Re: Locking out MS Access Users...
From: rich (rich_at_discussions.microsoft.com)
Date: 02/25/05
Date: Fri, 25 Feb 2005 14:39:03 -0800
Thanks for everyone's replies. All good suggestions. It's unfortunate there
isn't a simpler way to lock out particular applications.
"Ross Presser" wrote:
> On Thu, 24 Feb 2005 12:15:12 -0800, rich wrote:
>
> > The web application uses Integrated security so their Windows accounts
> > (technically the Windows Groups their user accounts are members of) are SQL
> > logins. Database Roles have been created with permissions set for the stored
> > procs, etc. As a result, they can also open Access, create an adp, connect
> > to the SQL database using Windows authentication, and the sp's, UDF's, etc
> > show up. Because the database role their user account belongs to has
> > "execute" permissions for the web application they can then also execute the
> > sp from Access.
>
> It would be a pain, but you could alter every stored procedure to check
> host_name() against the web server's name, or app_name() against your web
> app, and bomb out if you detect unauthorized use. Then remove all
> select,insert,delete,update,etc. permissions on tables from the db role,
> leaving them only with execute permission on the sp's.
>
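
The approach Ross Presser describes, sketched in T-SQL as an added example (not code from either poster). The procedure, table, role, host and application names are all hypothetical. HOST_NAME() and APP_NAME() return whatever the client put in its connection string, so this keeps out casual Access/ADP use but is not an authentication boundary.

```sql
-- Added example; every object, role, host and application name is hypothetical.

-- One shared guard, so the expected caller is defined in a single place.
CREATE PROCEDURE dbo.usp_AssertWebAppCaller
AS
BEGIN
    SET NOCOUNT ON;
    -- ISNULL matters: a NULL compared with <> yields UNKNOWN, which would
    -- skip the IF body and silently let the caller through.
    IF ISNULL(HOST_NAME(), N'') <> N'WEBSRV01'
       OR ISNULL(APP_NAME(), N'') <> N'MyWebApp'
    BEGIN
        -- Severity 16 does not end the batch, so RETURN explicitly.
        RAISERROR(N'This procedure may only be called by the web application.', 16, 1);
        RETURN 1;
    END
    RETURN 0;
END
GO

-- Each business procedure calls the guard first and stops on failure.
CREATE PROCEDURE dbo.usp_GetOrders
    @CustomerId int
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @rc int;
    EXEC @rc = dbo.usp_AssertWebAppCaller;
    IF @rc <> 0
        RETURN @rc;

    SELECT OrderId, OrderDate
    FROM dbo.Orders
    WHERE CustomerId = @CustomerId;
END
GO

-- Leave the role with EXECUTE only; with the same owner on the procedures
-- and the table, ownership chaining lets the procedure read dbo.Orders.
REVOKE SELECT, INSERT, UPDATE, DELETE ON dbo.Orders FROM WebAppUsers;
GRANT EXECUTE ON dbo.usp_GetOrders TO WebAppUsers;
GO
```

The REVOKE only removes permissions granted to that role; table rights a user holds through another role or through public still apply and need the same treatment.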