Re: Limiting a user to only executing a stored only that access anothe

I assume that you are using SQL 2000.

Your suggestion of creating a db that only contains sprocs (no data) and
accesses a second db could serve your purpose. Be sure that the 'general
login' does not exists in the db containing data. Any activity that requires
admin privileges, such as using xp_cmdshell won't work unless the 'general
login' has admin privileges in the data db -therefore defeating your
'scheme'.

They will be able to access the sproc definitions so this will hot allow you
to obfuscate object names -if that is of any importance. Encryption would
help with that.

It sounds like you are providing them access through your firewall. Have you
taken precautions such as a firewall rule that restricts access to the IP
ranges from the vendor? (If not, the world will be testing their cracking
tools on your server.)

--
Arnie Rowland*
"To be successful, your heart must accompany your knowledge."



"Michael @ SGMS" <MichaelSGMS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:560B14F2-3874-441C-AAC9-F30A35EC23B4@xxxxxxxxxxxxxxxx
We deal with third party vendors that we are required to grant access to
data
in our database. They have Enterprise Manager, so when a general login
in
is created they can see iyr views tables, stored procs, and any other
object.
( I know about encryption, but I want to go further than that )

What I would like is to create another database, that has only stored
procedures in it that access data in other dbs. Can this be done? Is
there
an easier way to meet my objective? I don't want third parties looking at
anything regardless of the tool they are using.

In the near future we will make our data that is public available through
a
Web service, but in the meantime is there an answer?


.

Relevant Pages