Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
pmanyara
Starting Member
5 Posts |
 Posted - 2008-03-14 : 02:02:17
|
| Dear Colleagues,I have designed a Microsoft SQL Server 2005 database application using Visual Basic 2005. I want to control access to the database programmatically, without the End-User opening the database in SQL Server.I want to protect the database structure such as my tables, code, etc. This restriction should include all the Administrators of the Computers on which my application will be deployed. Any modification of my database or code should be implemented only by me.What is the best way to do this using (a) Windows Authentication Login? (b) SQL Server Login? How do I configure the User-Login?NEW: In addition to above question, how best do I achieve this protection if installing the DB with other databases in an already existing server, is it possible to remove the Builtin Admin from the server role?? As in my case, there is no need for anyone else to open the DB in Management Studio at all as my VB application does all that is required.Thanks and best regards,Peter |
|
|
jackv
Master Smack Fu Yak Hacker
2179 Posts |
Posted - 2008-03-14 : 02:40:03
|
| Have a look at the Logins against your database and apply accordingly. Administrators may be more difficult , as they will probably have Backup rights. When you say "protect" do you mean - ability to edit or do you mean ability to see the definitions?Jack Vamvas--------------------Search IT jobs from multiple sources- http://www.ITjobfeed.com |
 |
|
|
pmanyara
Starting Member
5 Posts |
Posted - 2008-03-14 : 02:44:59
|
| Thanks for your invaluable input. When I say protect, in this case I mean both, protection from editing, and protection for definitions... |
|
|
|
maassql
Starting Member
13 Posts |
Posted - 2008-03-14 : 12:29:45
|
| Create 2 users in DB.a) one for your application to run underneath ( assumes server utilizing architecture )b) one for you.Before your app makes changes to database, then have it check its own security tables.I prefer Windows Authentication only.Anything will give up its secrets if you love it enough. -- George Washington Carver |
|
|
|
rmiao
Master Smack Fu Yak Hacker
7266 Posts |
Posted - 2008-03-14 : 22:23:26
|
| But you can't stop sysadmin. |
|
|
|
pmanyara
Starting Member
5 Posts |
Posted - 2008-03-18 : 09:49:30
|
quote:
Originally posted by maassql
Create 2 users in DB.a) one for your application to run underneath ( assumes server utilizing architecture )b) one for you.Before your app makes changes to database, then have it check its own security tables.I prefer Windows Authentication only.Anything will give up its secrets if you love it enough. -- George Washington Carver
Thanks for this answer, its very useful. Please see whether you can comment on my additional question above. Thanks very much. |
|
|
|
rmiao
Master Smack Fu Yak Hacker
7266 Posts |
Posted - 2008-03-21 : 19:48:37
|
| In fact, you should always remove builtin\administrators from sysadmin. |
|
|
|
|
|
|
|
|
HOW CAN I PROTECT SQL DB IN AN EXISTING SERVER?