Restricting Application Access To SQL Server 7

Jul 12, 2000

Hi all

Certain people in our company want to use Crystal Reports for data-processing. Problem is we want them to NOT be able to access data in databases within the live server.

Given that we use trusted connection to validate all kind of data-access, I am wondering if there is a way so that (via NT administration or via some SQL Server security features)
the live-server can refuse any connection request from the Crystal Reports application. At the moment the same group of people are allowed access to database (and should remain to be so) on this "live" server via some other applications (e.g. Microsoft Access).

Any advice is welcomed.

Simon

View 1 Replies


ADVERTISEMENT

Restricting Access To EM

Jun 25, 2003

First some explaination then the question. I have some users that legally or otherwise have gotten copies of SQL 2000 and installed it on thier local PC's. They are now using Enterprise Manager to connect to my database servers via IP and server name. They are using thier regular user id and passwords that they would use to log into the HR and Finance applications. For obvious reasons this is not a good thing. Now the question, can I some how restrict connections via EM to just thoses with an sa role? Or am I doing something else wrong or missed some hidden configuration.

Thanks in advance!

T.C.

View 8 Replies View Related

Restricting Access To A Database

Feb 21, 2006

Hi

I wish to setup a database that can be viewed only by a few users. How do I stop other users and the general public from seeing the database and its structures.

Cheers

Al

View 6 Replies View Related

Restricting Access To Certain Folders?

Jan 6, 2007

Hi all,

I have a user who I only want to provide access to a single folder within
RS2005. I don't seem to be able todo this, they can either see everything or
nothing at all.

What am I missing? Any help much appreciated.

Kind regards
Tarun

View 10 Replies View Related

Restricting Access To Stored Procedures

Oct 5, 2005

I'm going through the SQLSecurity Checklist I found at sqlsecurity.com. One of the points it says to "Restrict to sysadmins-only access to stored procedures and extended stored procedures that you believe could pose a threat." It also lists a bunch of stored procs and extended stored procs that you should consider restricting to sysadmins only. I was wondering if someone could give me some pointers on how to do this? I would like to write a script that I could run on every sql server 2000 install that would do this. How could I ensure that every user does not have access except the sysadmins?

Thanks,
Chris

View 11 Replies View Related

Stored Procedures - Restricting Access

Dec 12, 2006

Hello everyone,

I have a design problem which I am hoping somebody can shed some light on.

I am running SQL Server 2000 using SQL authenticaiton (due to be changed to Windows authentication in the next 6 months). I have a table in my database which we shall call monthly. I want to restrict the ability to insert to the monthly table to 2 stored procedures (proc_abc & proc_xy) which I have written which do various other validation checks before it inserts the data into monthly.

Users with the Foo function assigned are able to execute proc_abc & proc_xy

I have written a VB application which can be used by users who are not familiar with SQL to be able to execute these stored procedures. (Must have Foo function in order to login to this application).

I want to restrict the ability to execute the stored procedures to users using the VB application only, and thus not be able to execute the stored procedure using Query Analyzer or such like for any Foo user.

Is there anyway I can do this?

One suggestion put to me is two split the functions. Have one function lets call it Top which can access the VB application and then have another function called Bottom which is able to execute the stored procedures. Only the VB app would have access to the Bottom credentials. But is this secure? Would I just hard code the credentials for the Bottom function user within the VB app? This doesn's seem a secure way of doing things to me.

Thanks for the help!

View 6 Replies View Related

Restricting Access To Sys And INFORMATION_SCHEMA Views In ODBC

Oct 23, 2007

Hi
I'm building a data warehouse - my end users connect using Access via ODBC Microsoft SQL Server driver (2000.85.1117.00).

However, whenever they connect using Access via ODBC they get a huge list of sys and INFORMATION_SCHEMA views, in addition to the data warehouse tables they need to access.

How can I remove these sys and INFORMATION_SCHEMA views from the list of tables/views presented to the end user?

I've tried denying access by changing permissions to deny in the public role of the master database - I have also changed permissions in the public role in the data warehouse database. When I do this, the ODBC connection fails to retrieve any objects because it doesn't have access to sys.databases (and various other unspecified objects).
I'm stuck - help!

View 4 Replies View Related

Restricting Computer Administrator Access To Named SQL Instance

Jan 18, 2008



This is a slight re-stating from an older thread, which I think warrants some new discussion. The answer has always been that system administrators should have full access to everything on a system, including databases.

Although that is a logical position for internal IT departments it doesn't quite fit the model of systems with outsourced or external system support.


"If you don't trust your DBA, then you need a new DBA. They are in a position of authority for a reason and restricting that authority makes it impossible for them to do the job they are hired to do."

What about scenarios where you have local machine administrators that should NOT be given access to private data in a secured database, even though they need to be able to access and maintain everything else? And unfortunately some regulations are written about access to stored data whether encrypted or not...

In the modern world of Sarbanes-Oxley and PCI-DSS/CISP it is no longer so cut and dried. Especially where companies have software/hardware support contracts with third parties that require administrative access to other aspects of the systems.

So accepting that you might need someone to have administrative level access to the box but they should not be able to view the contents of a database installed on that box, what would you do?


Is there a way to create an adminstrative group that does not allow access to a specific named instance of SQL?

Is there a way to revoke access for one member of the administrators group only?


Thanks,
Ted

View 6 Replies View Related

Restricting Data Access To System Database And Visibility To All Other User Databases...!

Jan 31, 2008

Hi,

How would I set permission for SQL Server 2005 "User A" to prevent access to System and other user databases, also How to hide the databases that "User A" has no rights to. I mean, when User A logs in, All other user databases are not visible to him/her.

Thanks,

View 6 Replies View Related

Sql Server To Access An Application In MS Access

Dec 6, 2000

Hi,
Can anyone tell me how i can access an application or open tables in MS sql server that are in MS Access. Its urgent and any help will be appriaciated.

View 2 Replies View Related

SQL Server Access From ASP.Net Application.

Apr 27, 2006

Hello all,  We have a SQL database that uses a MS Access projectfront-end, which I am now creating an ASP.Net application for (And am completely new to so may be missing some foundation concepts).  With the Access project I added Active Directory groups to the database to use for permissions, logins, etc.  For the ASP app I have it set to use Forms authentication  with Active Directory (ActiveDirectoryMembershipProvider).  I can login to the app with the AD usernames/passwords but the connection from ASP.Net to SQL is using the ASP User.  Is there a way to provide the authentication from the ActiveDirectoryMembership through to the SQL server, so the user: bobuser would be authenticated to SQL instead of ASPNETUSER?Or do I need to have the ASP.net app handle the permissions of which SP's a user can execute?Any help or suggestions are appreciated.Thanks,Jamie.

View 2 Replies View Related

Access SQL Server From Application

Feb 7, 2005

Hi,

I have recently transfered data from MS Access to MS SQL Server 2000 and created user interface in MS Access Project (ADP). Now I need to secure the data on server and want to access it ONLY through interface I created in MS Access. Every user has to log in the application (user id and password). Users may have the same access rights to the server (so maybe just one account or whatever I need for all of them). Can anyone advice me how to set it up? To access sql server from MS Access I am using ADO.

Thank you.
dj

View 2 Replies View Related

Conversion Of Access Application To SQL Server

Jul 20, 2005

Hi there,I have written an application which uses MS Access for it's database engine.Due to the large size which the database has become I have decided that itwould be sensible to use SQL Server with the application instead.I am an extreme SQL Server newbie so I am not really sure what I'm doingyet! I have successfully downloaded and installed the MS SQLDE 2000 andservice pack 3.What do I need to do next? Ideally I would like to convert the existingAccess database to MS SQL Server format. Also I would like to know if it ispossible to create an SQL Server database from scratch using a guienvironment similar to Access and if so which software (preferably free) doI need to achieve this?Many thanks,Clive.

View 3 Replies View Related

No Access From Application To SQL Server 2000

May 19, 2006

I have installed the SQL Server 2000 and its up running.

I can connect to the database direct as administrator, but my test application(asp.net 2.0) returns an exception.

SqlConnection sqlConn = new SqlConnection("data source=10.61.90.24;initial catalog=testdb;persist security info=False;user id=sa;pwd=data;Type System Version=SQL Server 2000;");

sqlConn.Open();



I receive this exception:
An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)

View 4 Replies View Related

ASP.NET Application - SQL Server Does Not Exist Or Access Denied

Feb 16, 2005

I have a ASP.NET time sheet management application I designed - today I put it live on the webserver and recreated the database on my SQL 2000 server. When I attempt to view, all of the pages where I query the database I catch the error "SQL Server does not exist or access denied".

The concerning part of this is that I have tested the live database from my development PC (remote - offsite) and it works fine. This shows that the database that I brought over is intact and the user has the appropriate permissions. The only thing that I changed in the application when I copied it to the server was the connection string server name to reflect the location change.

The setup is as follows:

Development PC on a broadband connection running Windows 2003 server enterprise, SQL Server 2000 SP3a, Visual Studio 2003 Enterprise.

Web/Database/Email server running Windows 2003 Standard, SQL Server 2000 SP3a, Exchange 2003, Active Directory, DNS etc.

When I run the application on the Web server from a browser with local names ie. http:\SERVER1application I get the "SQL Server does not exist or access denied" errors. When I try to connect to the application on the web server from my development PC i get the same problem.

When I changed the connection string on my development PC to the webserver/dbserver it runs fine.

I don't understand how a local proccess is having difficulty authenticating to the database when I can access it remotely just fine.

Anyone have any suggestions?

View 2 Replies View Related

Porting An Existant Application From Ms Access To Sql Server

Jan 9, 2007

My database knowledge are with MySql and Oracle, but recently I was asked to evaluate the migration of an existing (and maybe more) from ms access to sql server. My question is simple, if all of the sql are hard coded into the code ... how well this sql will work, I mean is the sql between access and sql server are plug'n'play ? However in any case, I always rewiew all of the sql.

View 2 Replies View Related

ASP.NET Application - Migrating From Access 2000 To SQL Server 7

Jul 23, 2005

First off, sorry if my cross posting offends anyone. I'm posting thisin Access and SQL Server groups - not sure which one is appropriate.I have a relatively simple ASP.NET/VB.NET application that is nowhitting an Access 2000 database over an intranet. We have to migratethe database to SQL Server 7. My experience with ASP.NET is prettylimited and my experience with SQL Server is nonexistent.We have an MSDN subscription, so I went to the downloads section to getSQL Server 7. Guess what? SQL Server 6.5 is available, as is 2000 and2005, but no SQL Server 7. So my first question is, does anyone know ifit is available for MSDN subscribers?The next question is, does anyone know of a good resource that explainshow to make the transition from Access 2000 to SQL Server 7? I know thedata has to be migrated and the connection between the application andthe database modified, but am really not sure exactly what to first andthe correct way to go about it. The application is a simple productconfigurator. There's not a lot of data and it's not a very complexdatabase.Thanks in advance. If you'd like, please copy responses tolcifers(AT)yahoo.com (AT) = @TIA.Cheers.- Luther

View 2 Replies View Related

Secure SQL Server Remote Access From ISV Application

May 8, 2007

Hi guys



I'm writing a C# application which connects to a local SQL database for data access. The application connects to SQL Server through windows authentication, but opens up the port and sqlbrowser to others on the network wanting to access the database through SQL Server authentication, and also allows remote users to connect to this server remotely if they have the login and password (and because the port is already open)



I understand this is not secure and open to attack, and am unsure of how to secure these processes without blocking these three types of access, from A.) the local user, B.) the network user and C.) the remote user across the net.



Have researched this a fair bit, but get somewhat lost amongst all the jargon.

View 6 Replies View Related

SQL Server Security Setup For Web Application Access

Jun 6, 2007

All:

I am writing an Internet/Extranet based (ASP.Net 2.0) web application that uses SQL server 2005 as the database. I am using forms authentication on my web application. I am also storing the connection string to SQL server in my web config file. The conn string is encrypted using DPAPI with entropy. I currently have created a SQL login account on my SQL server for use by the web application. This is the user ID I am using in my conn string. The reason for this is because all persons using the application will NOT have a windows login.

Here is my question: The login I created currently has defaulted to the "dbo" role and therefore has "dbo" rights to the database. I want to setup up this login account so that all it can do is execute stored procedures. I dont want this SQL login to be able to do anything else. In my application I am using stored procedures for ALL data access functions, via a data access layer in my application. Can someone guide me step by step as to how to setup this type of access for this SQL login.

Thanks,

Blue.

View 1 Replies View Related

Access Web Application Is Slow, Should I Upgrade To SQL Server?

Jun 6, 2006

Hi,

first time poster/newbie here.

I've
got a football (soccer for the yanks!) predictions league website that
is driven by and Access database. It basically calculates points
scored for a user getting certain predictions correct. This is the URL:


http://www.pool-predictions.co.uk/home/index.asp

There
are two sections of the site however that have almost ground to halt
now that more users have registered throught the season. The players
section and league table section have gone progressively slower to load
throughout the year and almost taking 2 minutes to load.

http://www.pool-predictions.co.uk/home/players.asp?tab=a_d
http://www.pool-predictions.co.uk/home/table.asp

All
the calculations are performed in the Access database Ive written and
there are Access SQL queries to get the data out.

My
question is, is how can I speed the bloody thing up! ! Somone has
alos suggested to me that I use stored procedures and SQL Server to
speed things up? Ive never used SQL Server before so I am bit scared
about using it (Im only a hobbyist), and I dont even know what a SP is
or does. How easy will it be upgrading the whole thing to SQL Server
and will it be worth the hassle, bearing in mind I expect my userbase
to keep growing? Do SP help speed things up significantly? Would
appreciate some advice!

Thanks in advance,

John.

View 1 Replies View Related

SQL Server Admin 2014 :: Limit DB Access Outside Application?

Dec 3, 2013

We have applications connected to SQL using windows authentication. While having connection with Application user can also access to Database instance on the same time as well. We need to limit the access of user outside application.

View 6 Replies View Related

401 Unauthorized Access When Calling Report Server From ASP.NET Application

Feb 11, 2008

I receive the following error when i call report server web service from an asp.net application:

"The request failed with HTTP status 401: Unauthorized."



Here are the IIS logs on the reporting services server. When i open IE and browse to the web service i provide my user credentials and i can access the web service just fine. However when i call the web service via my asp.net application it looks like my credentials are not being passed??

Browsing web services via internet explorer.

2008-02-11 21:26:13 W3SVC1836052065 HQSQLDEV1 10.69.21.140 GET /Reports/images/16fold.gif - 8080 triwestdbloom 10.69.21.140 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+WOW64;+SV1;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322) 10.69.21.140:8080 200 0 0 15

Call from ASP.NET App

2008-02-11 21:26:13 W3SVC1836052065 HQSQLDEV1 10.69.21.140 GET /Reports/images/16fold.gif - 8080 - 10.69.21.140 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+WOW64;+SV1;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322) 10.69.21.140:8080 401 1 0 0

Here is my code:


RSWebService.ReportingService rs = new RSWebService.ReportingService();

rs.Credentials = new System.Net.NetworkCredential(@"triwestdbloom",

"blah", "triwest");



//rs.PreAuthenticate = true;

//Get all folders

RSWebService.CatalogItem[] allItems = rs.ListChildren("/", false);

//Get only folders not hidden to the user.

List<RSWebService.CatalogItem> visibleItems = new List<RSWebService.CatalogItem>();

foreach (RSWebService.CatalogItem item in allItems)

{

Response.Write(item.Name.ToString());

}

Any ideas?

View 2 Replies View Related

SQL Server Express, Simultaneous ,Multiple Application Access?

Jul 27, 2006

Hi Everyone,

I have a software solution that consists of two separate applications that share a SQL Server Express database on a single computer. Everything is working great, except when both of the applications want to access the database at the same time. All I can find is information on configuring multi-user access in a distributed system. I'd appreciate any information on configuring multi-application access on a single computer.

Thanks,

Mike

View 4 Replies View Related

How To Set My ASP.NET Application To Access SQL Server 2005 Using Client's User Credentials?

Jan 29, 2007

Hi guys,I'm not sure if I'm just bad at googling but I can't seem to find a way to set an ASP.NET 2.0 web application to connect to SQL Server 2005 using the current client's user credentials. My web application is using Integrated Windows Authentication so its Page.User.Identity is set to a DOMAINusername value... I want to pass that to my connectionstring or have my connections pick up the identity automatically and use that Identity when accessing the db server.Oh and another thing, my IIS Application Pool is using a specific Identity itself, so I don't know if that might affect the above.Hope someone could help. 

View 2 Replies View Related

SQL Server 2012 :: Query For User Access To Application Modules

Mar 24, 2015

I have to create a query that will be returning the users and the application modules they have access for. Along with the list of users and modules the query should also return if any module is not accessible for that user.

The 'ApplicationUsers' table is like this:

CREATE TABLE #ApplicationUsers
(
userId INT,
UserName VARCHAR(50)
)
INSERT INTO #ApplicationUsers VALUES
(1, 'Daniel'), (2,'Martin'), (3, 'Brandon'), (4, 'Doug')The 'ApplicationModule' table is like this:

[Code] .....

I used pivot query but there are a couple of limitations in it(may be I am making mistakes in it). First, the pivot columns are static whereas I need dynamic column names(Application Modules). Second, I need to include all the users with all the modules with access or without access that I am unable to achieve.

View 5 Replies View Related

How Can I Access Data To SQL Server 2005 Using Windows Application,ADO.net And .Net Remoting.

May 3, 2007

How can I access data to SQL server 2005 using Windows form application,ADO.net and .Net remoting?

Can anybody help me? please...

View 5 Replies View Related

SQL Server 2005 Security Setup For ASP.Net Web Application Data Access - HELP!

Nov 17, 2007



Here is my situation: I am creating a database driven ASP.Net web application that will be used over the internet. My ASP.Net application connects to my SQL server 2005 database/server by using a SQL server login. I am using the DPAPI API to encrypt my connection stings with a hidden entropy value for extra security. I am using the SQL login for obvious reasons, as my users will not have a windows login.

What I am trying to do: I want to limit this SQL login account to be able to just run/execute stored procedures and NOT access the tables or views directly. In my ASP.Net application I am using the MS applications data block, and I am using stored procedures for every single database access action. There is no inline SQL being executed from my web application.

What I have tried so far:


I created a new schema and made the above SQL login account owner of this schema. I then granted "Execute" permissions to the SQL login and DENY permissions to all other permissions.

I created an database role with "Execute" only permissions and DENY permissions to all other permissions.

What Happened: In BOTH of the above scenarios I tested a direct SQL statement against one of my tables, from my ASP.Net application and I was able retrieve data back, NOT GOOD, exactly what I am trying to STOP.

If someone could give me (Step-by-Step) guide on how to setup the situation I am looking for, I would be very grateful!


Thanks to all that help!

View 13 Replies View Related

List Groups That Have Access To Application And Use Grid Format To Show Access To Specific Tables

Jun 23, 2014

i am currently working on designing a database for a bank as a school project for my database class. We have to draw up an entity relationship diagram, Sql tables, database size estimate etc. I am currently working on the security portion of the project. I need to list the groups that have access to my application and use a grid format to show access to specific tables.

I am currently working on designing a database for a bank as a school project for my database class. We have to draw up an entity relationship diagram, Sql tables, database size estimate etc. I am currently working on the security portion of the project. I need to list the groups that have access to my application and use a grid format to show access to specific tables.

Role Loans Payments Transactions Accounts Customer Emplo
Database Admin SUID SUID SUID SUID SUID SUID
Branch Manager SUI SUI SUI SUI SUI SUI
Internal Auditor S S S S S S
Loan Officer SUID SUI SUI S S
Tellers S S S S SU
Customers U

View 1 Replies View Related

Does MS Access Installation Is Required For Running Application That Uses Access Mdb File

Nov 28, 2006

Hi,

I am developing an application that uses Access database (mdb file) to store the user data. The user of this application is not interested in the database file (to view in MS Access Environment). Does the user machine requires MS Access installation to run my application or just some couple of dlls (OleDB driver, Access DB Engine,..) should be enough to run my application?



Thanks,

Rao

View 3 Replies View Related

Data Access :: INSERT Statement Conflicted With FOREIGN KEY Constraint On Application Server

Jul 31, 2015

I get the below error on the event log of my application server which uses SQL database.

Details: RuleId:a811dcbc-4c5b-d9de-592b-f01e17fc0e9a. HealthServiceId:a5f70248-b545-4d35-7c84-e7aa87610ee4. The INSERT statement conflicted with the FOREIGN KEY constraint "FK_Alert_BaseManagedEntity". The conflict occurred in database "OperationsManager",
table "dbo.BaseManagedEntity", column 'BaseManagedEntityId'.

The statement has been terminated.RuleId:a811dcbc-4c5b-d9de-592b-f01e17fc0e9a. HealthServiceId:a5f70248-b545-4d35-7c84-e7aa87610ee4. The INSERT statement conflicted with the FOREIGN KEY constraint "FK_Alert_BaseManagedEntity". The conflict occurred in database "OperationsManager", table "dbo.BaseManagedEntity", column 'BaseManagedEntityId'.The statement has been terminated..

Details: RuleId:a811dcbc-4c5b-d9de-592b-f01e17fc0e9a. HealthServiceId:a5f70248-b545-4d35-7c84-e7aa87610ee4. The INSERT statement conflicted with the FOREIGN KEY constraint "FK_Alert_BaseManagedEntity". The conflict occurred in database "OperationsManager", table "dbo. BaseManaged Entity", column 'BaseManagedEntityId'.The statement has been terminated..

View 5 Replies View Related

Changing Access Db To Sql Db Web Application.

Jun 28, 2005

I am experiencing problems with databases for the web application that i am developing. The problem is that I have transferred the database from access to sql which initially seemed to work ok. I am now however struggling to solve the problems with one of my fields titled 'notes'. The trouble is that in the original database the notes field contained different notes from different dates for each record, and each note is separated by carriage returns. It is the carriage returns that are now proving to be a problem in the sql database but i am not sure what to do. Any advice would be appreciated.ThanksDan

View 3 Replies View Related

Enforcing Application Access Only

May 24, 2006

Hi all,

sql server 2000
windows 2000
authentication is through the db (not windows).

I am attempting to limit access to one of our production sql server databases. I want to ensure that only application users can connect to the db, i.e they connect to the application and the application connects to the database (database access is transparent to them). The app uses a common login account.

I would like to prevent users from connecting to the db using ad hoc query tools or other EDIs (toad for sql server, ...). Currently there is nothing stopping them from doing so using the application acct/pwd.

I am contemplating writing a trigger that checks for the program that the user is using and if the program is not recognized, kill the session. Is this the right approach or is/are there any "out of the box" utilities that will do this for me?

FYI. the acct/pwd that the app uses to access the db is well known to users.

View 6 Replies View Related

Unable To Access Web Application Remotely

Nov 2, 2006

I can't run my web application on remote pc which is connected in flan with my pc.It works on my local pc but it is not working on remote pc. i m geeting an error like as blowAn error has occurred while establishing a connection to the server.  When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) i have used sql server 2000 for my database but i my getting error for sql server 2005 which i have never used in my web application.Here is the Exception detailsException Details: System.Data.SqlClient.SqlException: An error has occurred while establishing a connection to the server.  When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)i have used coonection string as followsData Source=neptune;Initial Catalog=azim;User ID=saso can anyone give me soluion of this problem 

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved