Security Issue : How To Hide SDF File From The End-user ?

Jan 5, 2008

Hi There,

Do we have any way of hiding SDF file from end-user? When we are installing our application on user's machine, we have to keep SDF file somewhere but anyone who knows about SDF file can open that file in management studio and that exposes our database structure. Is there a workaround for this ? How can we prevent visibility of SDF file ?

Please help. Thanks in Advance.

Rumba.

View 5 Replies


ADVERTISEMENT

Share A RSS File For Applying AD-USER To Folder SECURITY?

Mar 19, 2008

Has anyone written a RSS file that is used to add new Active Directory User/Group to SSRS, and applying security ROLES such as BROWSER?

I have new IT AD group that I need to apply to ALL folders on my PROD, QA and DEV servers. Way too many folders to do via SSMS or Web interface.

Would you be willing to share the RSS file?

View 1 Replies View Related

SQL Security :: How To Hide Some Text Or Table In MS Outlook Message

Sep 6, 2015

I'm using Outlook 2010

My goal: I want to hide some text or table from inside the email message body. I don't want to attach a file with a table neither I want copy/paste it. I'd like to put that Excel table inside the message but the table is quite big.

Before I used Lotus Notes and it had the option to fold of hide some text from user. User could open when it wants but it will not take the space.

View 2 Replies View Related

SQL Security :: Can Hide Databases From Users Who Don't Have Access In Management Studio

Apr 21, 2015

I have a client who would like to access his database via SQL Server Management Studio. I created a login for him. This login has access only to his database on the server (I set this up using the user mapping), the Securables has Connect to SQL checked (otherwise he won't see his database).  When I test this login, he is able to see all the other databases on the server, though when he clicks on the ones he doesn't have access to, it will tell him that he can't access that database.  He can access his database alright.  My question is, can I hide all the other databases from him, and only display that only database he has access to?  I have tried many different ways, I can't seem to be able to do so.

View 6 Replies View Related

Hide Field From User

Oct 22, 2006

I have an app that connects to sqlepress. When run the field are loaded from the db. There are some fields that I don't want some of the users to see. Is there a way to do this without hardcoding the 'username' in the applicaton ?

I looked at the explicit permissions for username for the particular table, but I don't understand some of the terms listed.

Alter

Control

References

View definition

View 1 Replies View Related

SQL 2012 :: How To Hide Stored Procedures From User

Sep 25, 2015

How can I allow a user to run a stored procedure but deny them the ability to see it in SSMS?

I don't mean 'view def' permissions, I mean the actual proc.

I read about encryption which mask the contents but they can still see the proc, any other ways I can accomplish this?

View 9 Replies View Related

SQL Security :: How To Copy Permission Of A User To Newly Created User

Oct 24, 2015

How can i assign permissions to a newly created users as of an existing user?

View 3 Replies View Related

Show/hide A Field Based On The Logged In User In Reports

Apr 24, 2007

Hi,



I have some sensitive and non-sensitive info/fields in one of my reports. Is there a way to hide/show the info based on the logged in user? or do I have to create separte reports for each type of info like one for sensitive and another one for non-sensitive info.



Thanks inadvace for your help!



View 3 Replies View Related

SQL Server 2005: User Security Management: User Ch

Jun 25, 2007

How do you handle user level security with SQL Server 2005?

Say I have an HR database.

In Active Directory I have two groups: Managers, Employees.

Now in this HR Database I want to setup permissions in such a way that Managers can see all employees under them (but not other managers) and the employees can only see themselves.

(I'd have various levels of management defined in a table somewhere, so that each employee has a manager ID that links to another employee so that the CEO would be manager of everyone by working down the chain).

What I'm trying to understand is the best way to handle the permissions.

I'm not entirely clear on how to deal with that.

Would I use user chaining to do that, I wouldn't need impersonation (that's just for instances where you want dynamic SQL and it won't execute with user chaining, correct?)

Anyway, just looking for some general direction on this (obviously I need to get a good book it would seem).


Would I create a stored procedure that runs with EXECUTE AS permissions so that I'd have a non-interactive login it uses that has table access then all the other users have permission to execute the sproc?

So that sproc runs, pulls back a SELECT * FROM tbl_HRINFO and using a WHERE constraint limits who is returned WHERE SupervisorID = CurrentLoggedInEmployeeID ?

Also: How can I determine who is logged in and running the procedure, would the sproc use the SELECT USER_NAME command to see who was running it?

As you can see, I'm working from square one on all of this.
Not sure if my posting entirely made sense, but hopefully someone can get me pointed in the right direction, thanks!

View 3 Replies View Related

User Security

Mar 14, 2008

Hi all,



I want to create a user with the following criteria:


The user can able to "CREATE","ALTER" the stored proceudres but not "DROP" them.


So for this, I did like this:
--Schema Level

grant control on SCHEMA::dbo TO username


--Procudure level

GRANT CREATE PROCEDURE TO username


--Denying on schema level

Deny alter on schema::dbo TO username --------- But, if i do this, then the user cannot able to create anything in the schema.


Can anyone give the workaround so that the user can able to "Create" as well "Alter" the stored procedure but not able to "Drop" the stored procedure.


Thanks.

View 3 Replies View Related

DTS And NT Integrated Security User?

Dec 2, 1999

We have a a DTS package set up to run against another SQL Server. Using an integrated login is there a way to map an NT Authenticated users is
the sql server login id mapping to this attached server. The DB we are going against only uses NT authentication to attach to.

View 3 Replies View Related

Modifying User Security

Jul 20, 2005

I have an asp page that currently is creating a database and a userlogin for that database. After everything successfully (I thought)executed, I tried to change my connection properties for the serverand then login as this new user. It wouldn't allow me to, so I loggedback in as the administrator and looked at the properties for the newlogin. On the general tab, it had the user's default databasespecified as the new database that I had created in the asp page, butwhen I went to the database access tab, the database was not selected.So, I'm not sure how to set that in my script. I've done somesearching in BOL, but I can't figure it out. Also, if there's a wayto do this in a query, or stored procedure, will it also specify whattype of role the user has (public, db_owner, etc.)? Thanks.

View 5 Replies View Related

User Dependent Security

May 10, 2007

I was just analysing the security which can be given to different users to access respective databases. So i tried, on my local server, to deny permission to myself to access Model database. After this i am not able to connect to my local server at all. Error: Permission denied. I am using windows authentication mode.

I have also deleted the local server registration, and re-registered it, but still the condition is same. Do i need to uninstall SQL Server completly to get rid of this prob.? I also registered a new data server, and there every thing is going fine. So now what do i do to get connected to my local server.

View 5 Replies View Related

SQL Security :: Schema Name Same As User Name

Jun 28, 2015

In some our dotabases I can see Schemas created with the same name as Domain User name (domainusername). Schema owner for those schemas is not dbo but the same user as in schema name. How this happens? Is any way to prevent or prohibit this?

View 9 Replies View Related

User Security Audit

Jan 16, 2008

What is the easiest way to find out what objects a security login has mapped to it? Something that would show all the explicit grants a specific user has.

View 6 Replies View Related

SQL 2012 :: User For Row Level Security

Feb 19, 2014

In database we are planning to implement row level security.For this we need to create users or we need create login for each one?

View 1 Replies View Related

SQL Security :: Restrict A User Only To Particular Schema

Sep 23, 2015

I have created a user Finance and I want to grant him access only to see views which are created under Schema called "FinanceQuery".

Note: View may use tables from multiple schemas example: dbo. Staging. ect 

By doing this, I want to achieve that this user Finance can see only Views created under Schema FinanceQuery and should not see any other objects (tables, Stored Procedures, Functions etc.)

View 3 Replies View Related

SQL Security :: How To Set Permissions For A User On X And Y Schema

Oct 22, 2015

I need to provide a User with below permissions:

1. Ability to read and write records in tables in both the X schema and Y schema
2. Ability to read metadata about objects in the X and Y schema
3. Ability to execute stored procedures in the X and Y schema
4. Ability to create and update the necessary schema objects used by X, including but not limited to tables, views, and indexes
5. CREATE FUNCTION permission
6. ALTER and EXECUTE permissions on the X schema
7. VIEW DEFINITION permission on the X and Y schemas to enable view export. 

For the point 1, I will assign db_datareader,db_datawriter database roles to the user

For the point 2, when I have searched web, I found out ReadDefinition permission should be granted. I could find only viewDefinition but not ReadDefinition.

For the point 3, 'USE DataBaseName GRANT EXECUTE TO User; Go' - does this sql suffice?

For the point 4, I am not sure what should be done.

For the point 5, 'USE DataBaseName GRANT CREATE FUNCTION TO User; Go' - I guess this will work

For the point 6, Can I use same SQL as point 3 including ALTER ?

For the point 7, 'USE DataBaseName GRANT VIEW DEFINITION TO User; Go'

View 5 Replies View Related

SQL Security :: How To Trace Changing On DB User

Jun 3, 2015

Is there a kind of log to trace the change on DB user, such as when the password/permission is changed, etc. If yes, how can i get this log; If no, is there a way to achieve this thing?

View 2 Replies View Related

SQL Security :: User Permissions For XML Column

Jul 7, 2015

We have a user who is set to following permission on a DB,

server role: public
db permission: db_datareader

But when user tries to use following query on xml column he getting error as below,

SELECT ticket_id FROM dbo.Form WITH(NOLOCK)
WHERE LEN(form_document.value('(/Form_Fields/Form_Field[@field_type_desc="Number"]/@field_value)[1]','varchar(100)')) > 0

Error:
The EXECUTE permission was denied on the object 'testDB_Form_Schema', database 'testDB', schema 'dbo'.Do i have provide any additional permissions to query xml content ?

View 4 Replies View Related

SQL 2012 :: Security Risk Of Guest User

Sep 24, 2015

I've read a bunch of articles saying you should always remove the guest user from the user databases and model. It seems to me that if a user only has public access then the user can't do anything on the database. If the guest user only has public access to a user database how is it a security threat? I must be missing something.

View 0 Replies View Related

Help With The Security/Login/User Area Of Operations

Jul 23, 2005

Currently studying for 70-229.I'm trying to understand how security for users is managed in SQLServer. I've been using SQL Server for a few years now, but withoutinvestigating the bits that "just work".So, here's the scenario. This is more or less how I create all myapplications (which these days are all ASP.NET).I have a database called "TESTDB" (original, huh?)Now, I want to create a method for users to access this database, so Iopen EM, locate and expand the node for the server containing thedatabase, and open the "Security" node. Click on the "Logins" leaf,and in the pane right-click and select "New Login.."On the "General" tab I enter "TESTDBLOGIN" as the Name.Select "SQL Server Authentication", and put in a password.In the drop-down list of databases select "TESTDBLOGIN"Ignoring the "Server Roles" tab, I go to the "Database Access" tab andscroll down until I can see the "TESTDB" database. Check the "Permit"checkbox, and lo!, the "Database Roles for TESTDB" list is populated,with "public" already ticked. I check the "db_owner" box, and press"OK". It asks me to confirm the password, and once that's done there'sa new login called TESTDBLOGIN. What's more in "Users" leaf in the"TESTDB" database node there's a new user called "TESTDBLOGIN".All well and good. I can now create a connection using this login anddo more or less what I want in the TESTDB database.But.If I click the "Users" leaf in the "TESTDB" node, there are two users -"dbo" and "TESTDBLOGIN". If I right-click the "TESTDBLOGIN" user, Ican see that it has Database Role Memberships for the "public" and the"db_owner" roles. But if I examine the permissions on these two roles(by selecting the row, and then pressing the "Permissions" button) Ifind that there are permissions set for EITHER role - all the checkboxes are blank!So, how is it that I can do SELECT, UPDATE, INSERT and DELETEoperations via this login/user?Sorry it all took so long - I just wanted to get it right.ThanksEdward--The reading group's reading group:http://www.bookgroup.org.uk

View 3 Replies View Related

SQL Security :: User Login Failed For Web Application

Nov 19, 2015

We have a Web application that requires user authentication.  We have a Login Page for user's to login and be authenticated.  We also manage the user accounts using SQL Server Membership Provider.  We created aLogin user in SQL Server and used this user's privileges to connect to SQL Server in our website's connection strings.  Example, in our Web.config file, the connection string is:

<connectionStrings>
  <addname="MyConnectionString"connectionString="Server=MYSERVERNAMESQLSERVER2012;Initial
Catalog=MyDatabase;User Id=TUser;Password=MyPassword"providerName="System.Data.SqlClient"/>
</connectionStrings>

The problem now is when a user logs in, it's throwing an error that TUser's password has already expired.  We did not enforce the password policy and expiration date for this user.  So, I'm wondering why it's giving me this error.

View 2 Replies View Related

SQL Security :: How To Get Specific Permissions Per User On Each Database

Nov 24, 2015

I'm trying to get specific permissions per user on each SQL database, would you let me know if it could be achieved e.g on an object level?

View 5 Replies View Related

SQL Security :: Sync AD User Credentials With Database

Mar 14, 2014

How Sync the user and password from my Active Directory, to a SQL Database. Actually, my environment have a database with users and password added, my custom applications uses it like a passport, but now I want to use Active Directory to control these users, but I can't use windows authentication in my old apps. I was reading about Forefront Identity Manager to do this, but I need a free solution. The Sharepoint database sync user credentials with AD?

MCTS Exchange 2010

View 3 Replies View Related

SQL Security :: How To Restrict User From Seeing Available Database On Server

May 22, 2015

We can restrict users from accessing the databases from the security. But is there anyway , we can restrict users from seeing the available databases on the server, user can access and see the database he or she has access to other databases will not be visible?

View 13 Replies View Related

How Do I Add An Importer As A User In My Sql Server Database Security Folder.

Dec 28, 2007

How do I add an Importer as a user in my sql server database security folder.
Regards
Karen

View 1 Replies View Related

Auditing User And Security Related Activities In SQLServer

Jul 23, 2005

On the other database types, there is an audit capability in that yourecord such items asfailed login attemptsattemtped access to tables user is not authroized tochanges to databse schemachanges to permissionschanges to logins (add, delete, lock, unlock, passwrod reset)All I can find in the SQLServer documentation is the reference totracking failed logins when you set up a database, plus the Profiler'sactivities.Yes, I'm taking voer my first SQLServer database and have been asked tomake sure that this database is closely monitored for inappripriateactivity.Questions:1) Does SQLServer have this capability? (Sybase has this, which iswhere I'm coming from)2) Does SQLServer do this automatically or do I have to set up theevents to be tracked as happens with Sybase?3) What commands are there for setting up these events to be tracked?Thanks in advance!

View 2 Replies View Related

Security For Row Level But Not Based On Database User's Login

Apr 21, 2006

HiI need to set security for row level but not based on Database user'slogin. It should be based on the user table login. For the particularuser I need to allow only the particular records to access insert,update delete and select.Let me explain clearlyFor example think we are using asp/asp.net websiteEg:www.test.comSo take this is our website and if you try this URL then you will get awindow for Login name and password.For example the Login name is windows user name (Here windows usermeans server windows user and not client) and windows password. So ifyou have login user id you can able to login in our site and we haveanother check. We have our own usertable this table consist all theuser login names and user rights. We will check the windows user whologin in our site has rights in the usertable I mean he is present inthe usertable if he is not present then we will display a message youhave no rights to access this site.If he has login id in our usertable then he allowed viewing ourpages. Still if he has the login id we will check the user who loginhas how much right to access to each page and the records of each tableits all depend on the user rights.So, here I need the row level security. For each and every table weneed to check the corresponding user and executing the record producelot of business logic problem for us.So after the user login we need automatically to set row levelsecurity for all the tables. Based on the user who login.So from there if we try select * from <tablename> then we can only ableto get the allowed records to select, insert, update, delete.Please can some one help how to solve this?Note:For some help you can refer the below URL (See in that they only givenabout the row level and column level security for each database usersnot for our required concept)http://www.microsoft.com/technet/pr...5/multisec.mspxThanks in advanceRams

View 1 Replies View Related

SQL Security :: How To Grant Two Tables (select Only) Access To New User

May 5, 2015

i want to create new sql user and grant him two tables access. we have several databases created on same server so we want to allow only two table in ABC database. user should not be able to see other databases and their tables. And user also should not be able to access any other tables in ABC database except two tables.

is there any query to deny all tables in schema for all clauses (Select, Update, Insert) then grant two tables to user with select clause?

View 17 Replies View Related

SQL Security :: Database TEST Is Already Open And Can Only Have One User At A Time

Apr 30, 2015

Database 'TEST' is already open and can only have one user at a time.

I also tried this command but having the same error.

Use Master
GO
Select * from master.sys.sysprocesses
Where spid > 50
            And dbid=DB_ID (‘StuckDB’))  -- replace with your database name

View 8 Replies View Related

Login Failed For The User (using Windows Integrated Security)

Aug 1, 2006

Hello Everyone,

I am trying to connect SQL database through code but I get this error,I have spent days to solve it but unfortunately I couldn't...Here is my code in VB express(OP:windows 2000 with SP4)I am new to VB,so it makes the situation more difficult for me.

my code is:

Public Class Form1



Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

Dim conn1 As SqlConnection = _

New SqlConnection("Data Source=.SQLEXPRESS;" & _

"Integrated Security=SSPI;" & _

"database=deneme3_database;")

'Open connection

conn1.Open()

MessageBox.Show("Connection succeeded.")

'Close connection

conn1.Close()

MessageBox.Show("Connection closed.")

End Sub



The error message is,it is in german but it is clear I guess:)

" Die von der Anmeldung angeforderte "deneme3_database"-Datenbank kann nicht geöffnet werden. Fehler bei der Anmeldung.
Fehler bei der Anmeldung für den Benutzer 'ADPLANatalay'. "





Thank you in advance!



Can



View 6 Replies View Related

SQL Security :: Giving Access To A User Using DOS-Batch Script

Oct 20, 2015

Is it possible for a batch command to give access or add a new role for the user to database? Basically:

USE my_Database
CREATE USER [User1] FOR LOGIN [User1] WITH DEFAULT_SCHEMA=
[dbo];
EXEC sp_addrolemember 'Application1', 'User1'
EXEC sp_addrolemember 'SQL_Read_Only', 'User1'

If User1 was already created then ignore that and run the exec sp_addrolemember. Next, 

EXEC sys.sp_change_users_login
@Action = 'Update_One',
@UserNamePattern = 'User1',
@LoginName = 'User1',
@Password = NULL

to link the orphan user within database.

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved