Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
2revup
Posting Yak Master
112 Posts |
 Posted - 2007-12-11 : 23:05:04
|
| I know this seems like a strange ask, but we have a common user and pass in most of our web applications and this user requires DBO access to the database, no problem is occasioannly we need to let a developer look at an issue on a production server, so we port them through to sql through the firewall so they can see it it, and they normally login wih there domain/username and this way they are restricted to what they can see and do. However all developers know the SQL user and pass used in the web app, they also know its a DBO, so this means they can login with these user details and have access to everything. My question is how can i lock this down so i can deny access from the SQL management console for this particular user, but still allow the user to act as a DBO for the web applications.your help here is appreciated.ThanksBrad |
|
|
rmiao
Master Smack Fu Yak Hacker
7266 Posts |
Posted - 2007-12-11 : 23:16:21
|
| Only way is reset password and don't let developers know new password. |
 |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2007-12-11 : 23:18:22
|
| You'd have to do this at the network level as SQL Server has no way to restrict by tool, computer, ...But then the developers could just go to the web server and use tools from there to get in and bypass the network security you put in place. This is one of the many reasons why you should restrict access to the database users. We only allow access via stored procedures (most apps) or via db_datareader/db_datawriter (other apps).Tara KizerMicrosoft MVP for Windows Server System - SQL Serverhttp://weblogs.sqlteam.com/tarad/ |
|
|
|
2revup
Posting Yak Master
112 Posts |
Posted - 2007-12-13 : 20:31:52
|
| Thanks guys, as for change the pass and dont let them know thats much easier said then done. We have over in excess of 300 Web apps and god knows how many web.configs.thanks for the help guys i am going to see how else i can battle this one. |
|
|
|
|
|
|
Deny SQL user access