Restricting Access To Sys And INFORMATION_SCHEMA Views In ODBC
Oct 23, 2007
Hi
I'm building a data warehouse - my end users connect using Access via ODBC Microsoft SQL Server driver (2000.85.1117.00).
However, whenever they connect using Access via ODBC they get a huge list of sys and INFORMATION_SCHEMA views, in addition to the data warehouse tables they need to access.
How can I remove these sys and INFORMATION_SCHEMA views from the list of tables/views presented to the end user?
I've tried denying access by changing permissions to deny in the public role of the master database - I have also changed permissions in the public role in the data warehouse database. When I do this, the ODBC connection fails to retrieve any objects because it doesn't have access to sys.databases (and various other unspecified objects).
I'm stuck - help!
We have allowed one of our clients to create views in our .net /sql application so they can build reports using MS Access. They have been doing so successfully for years. However lately they are experiencing Timeout Expired messages when in the actual web application. I have confirmed that several of the views when opened in Access do cause blocking, the locks are promptly realeased when the the access odbc of the sql view is closed.
When the views are opened in SQL query analyzer, there is no sql blocking.
Would this be related to how the tables are linked?
I'm having a really hard time displaying the structure of my database using INFORMATION_SCHEMA. Can this be used with Access? I've used it before for sql databases but when I try it with this access one I get an error message telling me: Can't find file c:...INFORMATION_SCHEMA.mdb
I'm hoping maybe there's another command that works just as well or some other way to get around it.
I'm using Visual Web Developer 2005 Express and my .aspx pages are coded using VB so any insights would be awesome!
Hi, I'm working with MSSQL2K+SP3a, Standard Edition. I defined linked server (MSDE). On the local server, I can do select * from [testDB].[INFORMATION_SCHEMA].[TABLES] -- local
select * from [testSRV].[testDB_far].[dbo].[sysobjects] -- linked
but not
select * from [testSRV].[testDB_far].[INFORMATION_SCHEMA].[TABLES]
How can I access the INFORMATION_SCHEMA on the linked server ?
First some explaination then the question. I have some users that legally or otherwise have gotten copies of SQL 2000 and installed it on thier local PC's. They are now using Enterprise Manager to connect to my database servers via IP and server name. They are using thier regular user id and passwords that they would use to log into the HR and Finance applications. For obvious reasons this is not a good thing. Now the question, can I some how restrict connections via EM to just thoses with an sa role? Or am I doing something else wrong or missed some hidden configuration.
I wish to setup a database that can be viewed only by a few users. How do I stop other users and the general public from seeing the database and its structures.
I have a user who I only want to provide access to a single folder within RS2005. I don't seem to be able todo this, they can either see everything or nothing at all.
Certain people in our company want to use Crystal Reports for data-processing. Problem is we want them to NOT be able to access data in databases within the live server.
Given that we use trusted connection to validate all kind of data-access, I am wondering if there is a way so that (via NT administration or via some SQL Server security features) the live-server can refuse any connection request from the Crystal Reports application. At the moment the same group of people are allowed access to database (and should remain to be so) on this "live" server via some other applications (e.g. Microsoft Access).
I'm going through the SQLSecurity Checklist I found at sqlsecurity.com. One of the points it says to "Restrict to sysadmins-only access to stored procedures and extended stored procedures that you believe could pose a threat." It also lists a bunch of stored procs and extended stored procs that you should consider restricting to sysadmins only. I was wondering if someone could give me some pointers on how to do this? I would like to write a script that I could run on every sql server 2000 install that would do this. How could I ensure that every user does not have access except the sysadmins?
I have a design problem which I am hoping somebody can shed some light on.
I am running SQL Server 2000 using SQL authenticaiton (due to be changed to Windows authentication in the next 6 months). I have a table in my database which we shall call monthly. I want to restrict the ability to insert to the monthly table to 2 stored procedures (proc_abc & proc_xy) which I have written which do various other validation checks before it inserts the data into monthly.
Users with the Foo function assigned are able to execute proc_abc & proc_xy
I have written a VB application which can be used by users who are not familiar with SQL to be able to execute these stored procedures. (Must have Foo function in order to login to this application).
I want to restrict the ability to execute the stored procedures to users using the VB application only, and thus not be able to execute the stored procedure using Query Analyzer or such like for any Foo user.
Is there anyway I can do this?
One suggestion put to me is two split the functions. Have one function lets call it Top which can access the VB application and then have another function called Bottom which is able to execute the stored procedures. Only the VB app would have access to the Bottom credentials. But is this secure? Would I just hard code the credentials for the Bottom function user within the VB app? This doesn's seem a secure way of doing things to me.
This is a slight re-stating from an older thread, which I think warrants some new discussion. The answer has always been that system administrators should have full access to everything on a system, including databases.
Although that is a logical position for internal IT departments it doesn't quite fit the model of systems with outsourced or external system support.
"If you don't trust your DBA, then you need a new DBA. They are in a position of authority for a reason and restricting that authority makes it impossible for them to do the job they are hired to do."
What about scenarios where you have local machine administrators that should NOT be given access to private data in a secured database, even though they need to be able to access and maintain everything else? And unfortunately some regulations are written about access to stored data whether encrypted or not...
In the modern world of Sarbanes-Oxley and PCI-DSS/CISP it is no longer so cut and dried. Especially where companies have software/hardware support contracts with third parties that require administrative access to other aspects of the systems.
So accepting that you might need someone to have administrative level access to the box but they should not be able to view the contents of a database installed on that box, what would you do?
Is there a way to create an adminstrative group that does not allow access to a specific named instance of SQL?
Is there a way to revoke access for one member of the administrators group only?
How would I set permission for SQL Server 2005 "User A" to prevent access to System and other user databases, also How to hide the databases that "User A" has no rights to. I mean, when User A logs in, All other user databases are not visible to him/her.
I am using VB.NET 2005 and set up an ODBC connection via ODBC.ODBCConnection to a MDB database. Therefor, I use the "Microsoft Access ODBC Driver (*.mdb)".
When I set up a ODBCCommand like "ALTER DATABASE..." or "CREATE TABLE..." and issue it with the com.ExecuteNonQuery() command, I get an error from ODBC driver, that a SQL statement has to begin with SELECT, INSERT, UPDATE or DELETE.
How can I use DDL statements via ODBC?
I would appreciate if you could help me to use ODBC for that - no OLE, no ADO.
I have some tables sitting in schema "A", then I created a view in schema "B" based on the tables in schema "A". Then I gave the user just access to schema "B" to only run the view but not see the tables in schema "A".
Could it be that if the user tried to ODBC to that db, they would only see the view in schema "B" and not the tables in schema "A"?
This started as a simple thing, allow somebody to access to a database on a SQL 2005 server so they could get to it from MSAccess. I have created a login (Windows Authentication) so they can see the database and gave them "public" and "datareader" abilities.
The user then informed me that while they could see the views they could not see the data. Not being a DBA (sorry) I added "public" to the view's permissions (under properties) and granted it "Select" access and nothing else. After I completed this the user could not even see the views to pick them (via the ODBC link from MSAccess) and when I try to remove "public" from the permissions it dissapears, but when I reopen the permission "public" is back.
I then find out there is no data in the views and so the user would not have been able view anything anyway.
So what I want to do is remove "public" from the views permissions, is this possible?
I maked ODBC for SQL erver data base and linked with Access database which is working good but when I check ODBC link in access it shows alot of other stuff and all tables related to that database .
Is there any way to remove irrelevant tables/views etc from that ODBC - thanks for help
I have set up a link from ACCESS to a SQL 7.0 database using ODBC (File DSN saved on a shared DRIVE). The link works well only from the workstation where the link was created. But How can I create a link so a group of users can view the linked table in ACCESS without type a password? Any suggestion is appreciated.
I'm trying to access a System Catalog View (sys.database_permissions, and others) from a table valued function. I need to be able to pass the database name into the function so that I can operate on any database. Typically I'd use dynamic SQL to do something like
INSERT INTO #tempTable
EXEC ('SELECT * FROM ' + @DBName + '.sys.database_permissions')
But of course I can't use dynamic SQL inside of a UDF. I know I could do this using a stored procedure, but I'd need the output to be a recordset that I can query.
Has anyone done anything like this? I think I'm stuck.
Can Microsoft Access access a stored procedure on the SQL Server? If not, is there any way to assign a parameter to a view? I can link to a view in Access, but I cannot link to a procedure. I need to SELECT * from aTable WHERE ID = [@PassidInID]. Any way to do this through Access? The reason for this, is because I am trying to run an existing query (which is very busy - using other queries with queries in them etc.), and I keep getting an ODBC error. I am thinking that if I move the queries to the SQL Server, it may get rid of this error? It's a 2-tier app I have. Tables on the server, forms, queries, and everything else in Access. Thanks in advance - I hope.
Is there an easy way to convert Access Queries to SQL Views without doing it manually?I have used the Databse tool to migrate tables, but cannot see to find something similiar for queries.
I don't know if there is a fundamental problem with what I am trying to do, or am I just having problems setting it up correctly:
I have a SQL server multi-user database. I want my users to connect to this databsase via Access 2000 Data Project. No problem there. The database consists of one main table and several views (based on the office branch that the user works from). For example there is a Chicago view, an Atlanta view, etc. that all extract different records from the same underlying table. I need my users to have FULL ACCESS (select, update, delete) to their respective VIEWS, but they cannot have access to the underlying table. I've tried several configurations and I'm beginning to think that this may not be possible... is that the case?
If it is not possible to grant access to views but not the underlying table, then what are my other options? The objective is to have a multi-user table that each user "owns a piece of" without being able to see the tables or records belonging to their peers. Do I need to setup a table for every office, and somehow link those tables into one main table? How would I avoid duplicate records being entered into the separate tables? Any help would be GREATLY appreciated, as this problem has had me stumped for weeks.
I have a whole bunch of forms that have an unbound StartDate and anEndDate field that I have used in MSAccess MDB databases as parametersin queries (ie tblEvent.StartDate > Forms!myFormName.StartDate.)So, now I'm migrating this beast over to and ADP/SQL Server projectusing Views and Procedures.How do I pass the value in Forms!myFormName.StartDate to a Procedureand get something that looks like:If tblEvent.StartDate > Forms!myFormName.StartDate then ...Any help is GREATLY appreciated. This is a major problem before I canmove ahead with this beast!lq
I have created a SQL Server Database and connected it to an MS Access front end using an ODBC datasource connection.
All reports and queries are in Access and I think that because the queries are in Access and not on the SQL that all data is being transferred across the network and that the data is actually being processed on the client-side. (It's getting slower as more data is entered).
How can I link a SQL Server query through my ODBC connection so that the query is being processed on the server and only the results are being sent across the network?
Does anyone know how to set up linked database to SQL using MS Access but not having to use ODBC. Right now we set up ODBC and the access developers use this to link to SQL Server. We want to get rid of all ODBC settings and i cannot find a way to use MS Access without having ODBC.
Zero Length Strings Showing up as a Space in Views linked in Access
I have code being converted from a SQL 6.5 DB to SQL 7; SQL 7 does not concantenate NULLS like in 6.5, so i have replaced all occurances of concantenated NULLs with zero-length strings (''s); in SQL, the view displays the zero-length strings properly, but when i view the linked view in Access97, the zero-length strings are displayed as spaces; is this a SQL problem or an Access Problem? Is there a solution?
Example of display: 10132 Hampton, VA: A. Deepak Publishing
SELECT PublisherID, Info = CASE WHEN City IS NOT NULL THEN City + CASE WHEN State IS NOT NULL THEN ', ' + State ELSE '' END + ': ' ELSE '' END + Publisher FROM tblLibraryPublishers
When view is linked in Access97, the display will be: 10132 Hampton, VA : A. Deepak Publishing (this spacing can produce a number of lookup/search problems if only the Publisher name is displayed because a space is added to the beginning of the Publisher name)
I'm trying to grant a user group select access to all the views in a database. I already made a query which creates a result set whit the SQL Syntax I (displayed below) need but it seems to be impossible to get this result set executed after creation.
use [AdventureWorksDW2008R2] SELECT 'GRANT SELECT ON [' + SCHEMA_NAME(Schema_id) + '].[' + name + '] TO [DOMAINGROUP]' FROM sys.views;
We are trying to restict internet access from certin computers but, it's still in place because we need to process credit cards. Is it possible to remove internet access and allow our SQL based program to still run credit cards because of the ODBC connection to the SQL server which has internet access?
Hi, does anybody know how to access data in filemaker using ODBC. I have read the help files that we can connect to filemaker database via ODBC. I have tried to create DSN for that, but when I tried to connect using that DSN my C# application, It failed to retrieve the catalog information, it said that login failed. I have no idea what the username and password that I have to used in my connection because as i knew that filemaker only use password, and i have tried to use that password too. I never used filemaker before, but this time i need to retrieve data from filemaker, so please help :) Thanks.
We have this fairly simple Access database with a link table to a view in an SQL Server. The Select Query in Access is a simple select from this view with a view criteria set. Nothing fancy. What is driving is moderately crazy is that this Select Query in Access seems to work fine for months and than all of a sudden (same query performed around the same time with about the same workload on the SQL-Server) it responses with the helpful "ODBC-Call Failed" message. Closing the Access database, taking a coffee, coming back againg and try the exact same Select Query normally works, no "ODBC-Call Failed" message.
It not happens always, mosty we're fine. When it happens it happens for all subsequent queries tried. We have to close and reopen the Access database and pray to the good Lord that it works.
We would be very interested in someone with a solution to this problem.
I'm attempting to connect to an SQL Server Express database from a remote PC, but it isn't connecting. I have a user account created in the database, and I'm using the SQL authentication with that user account. I have success with this if I'm on the server that the database is on, but not remotely. Both are on the same network, even plugged into the same hub. There doesn't appear to be any network problems.
I am having an issue that i can't seem to resolve. By no means am I an expert with odbc connections and what not but any help would be great.
here is my issue. I have a 64 Bit terminal server that is running MS Access. I have defined my DSN within the 32 bit admin utility and it connects without a problem As soon as i try to link tables and make a connection to the database from within Access i recieve an "ODBC CALL FAILED" message.
I enabled tracing and here is what i got.....this doesn't mean anything to me but hopefully it does to someone.....
PaintJobShip_Ma 1388-ecc ENTER SQLAllocEnv HENV * 002DB3C4
when i run this function i get an error : "You cannot use ODBC to import from, export to, or link an external Microsoft Jet or ISAM database table to your database"
when i try to import in the same way a dbf file (insted the csv file) with VFP it's working well.
what seems to be the problem? how can i fix it? or if some one know how can i import a large csv file into access DB in an efficient diffrent way?
