Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
nivaskhan
Starting Member
17 Posts |
 Posted - 2003-10-10 : 03:06:05
|
| Hi Folks,I need to find a solution for the below.I have an application which has been installed on several machines(abt 100) which talks to an central database server thru the DSN that was created during installation of the application.Windows authentication is used by the DSN and the Windows group containing the user has been added as a user to the SQL box.The problem I am facing is that some of the user machines has got SQL client installed.Bcoz of this they are able to access the SQL box using the Query Analyser or any other tool.I want the users to connect to the sql machine only thru the application and not thru any other tool.Is there a way to control this.Pls let me know...and this is urgent..Regards,Nivas |
|
|
OMB
Yak Posting Veteran
88 Posts |
Posted - 2003-10-10 : 05:09:03
|
| nivascreate an application role in the SQL database and add the relevant users to the role then in the dsn provide the user as the group |
 |
|
|
nivaskhan
Starting Member
17 Posts |
Posted - 2003-10-10 : 05:56:29
|
Thanks for the reply OMB..Since the number of users are more...changing the dsn properties is i guess will need more time..and I dont have much time to work on this issue.I can do one thing..Install the application on a machine. Provide the shortcut of that to all the users. Each user will already have a pre-configured dsn for the application.from the central application box..is there a way to control the access to the DB...Pls...help... Regards,Nivas |
|
|
|
raymondpeacock
Constraint Violating Yak Guru
367 Posts |
Posted - 2003-10-10 : 06:04:16
|
| I may be wrong, but I don't think that you can limit access by a user dependant on what application they are using at the time. Having granted Windows Authentication to the user, SQL will allow the user access regardless of what tool they use (your application, or Query Analyzer). Given your time restriction, all you can do is limit their access within the server to the objects that the application uses (i.e. just one particular database for example). You could also setup profiling to monitor users access which would then show the application they used and retrospectively deal with users using Query Analyzer (un-installing it from their machine perhaps).Sorry for the bad newsRaymond |
|
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2003-10-10 : 12:50:56
|
| I'm curious as to why these users have the SQL Client Tools installed? Are they developers or something like that? If so, then why wouldn't you want them to have the access? How much access do they have? You might have to call a meeting with them to let them know that even though they are able to access the SQL Server outside of your application that they shouldn't be doing so. If they continue, then just notify the appropriate management people.Tara |
|
|
|
|
|
|
Application Security