Site-Wide Security: Restrict Access
Feb 27, 2007
Hi,
I have added several Active Directory groups and set the system roles for each to "System User" and set one of the groups (DBAdmin) to "System Adminstrator"
My issue is that even after doing this, the users in the other groups are able to access the "Configure site-wide security" link under Security and change the permissions. The only system permission these users have is "View shared schedules" so it doesn't seem that this should be possible.
I would appreciate any feedback on this issue. Thanks!
View 1 Replies
ADVERTISEMENT
Aug 23, 2015
We have a situation where we need to restrict access to a sql server data file. That is, to prevent users viewing any tables, stored procedures, etc, in sql server or another tool. We are providing a our database as part of an application install to a customer's site which will run isolated on the customers network. However the application will have sql server logins and the system must still be able to execute stored procedures.
The setup unfortunately cannot be changed and we are trying to think of best implementations for this. Our customers are also working with competitors so we are very conscious about exposing our data structures to anyone outside of our company, hence trying to restrict access. If deployed to a sql instance on the customer site then they will have database administrator accounts on the server.
View 8 Replies
View Related
Mar 6, 2007
How might I Restrict ASP.NET app DB permissions using Integrated Security?
I can see how it's done with SQL Authentication, but I'd prefer to do it with Windows Authentication.
Is it a matter of restricting the permissions of the general ASP.NET user (€œNT AUTHORITYNETWORK SERVICE€?)...seems like it might affect too much.
Or can I have a Windows user/identity/account that is specific to a single ASP.NET Application?
Any guidance on this would be appreciated.
Thanks!
View 3 Replies
View Related
Sep 23, 2015
I have created a user Finance and I want to grant him access only to see views which are created under Schema called "FinanceQuery".
Note: View may use tables from multiple schemas example: dbo. Staging. ectÂ
By doing this, I want to achieve that this user Finance can see only Views created under Schema FinanceQuery and should not see any other objects (tables, Stored Procedures, Functions etc.)
View 3 Replies
View Related
May 22, 2015
We can restrict users from accessing the databases from the security. But is there anyway , we can restrict users from seeing the available databases on the server, user can access and see the database he or she has access to other databases will not be visible?
View 13 Replies
View Related
Nov 9, 2015
I want to grant CREATE, ALTER, VIEW permission to user but not DML permission?
So user can create Object but can't drop and delete it or user cant insert , update,delete from table.
I have Given db_datareader,db_denydatawriter, and granted create, select, alter permission.
But user is able to drop.
View 3 Replies
View Related
May 28, 2008
Hi
Is it possible to restrict what IP numbers can access a sql server 2005 (can this do done in sql server 2005)?
View 3 Replies
View Related
Nov 12, 2001
Hi,
Is there a way to prevent new users from accessing a SQL2000 db (like to put it into DBO mode) while leaving current users finish their running jobs.
I tried Alter Database and sp_dboptions and both in SQL2000 requires to close all current users. It was working in SQL7 but not in 2000.
Thanks
AAA
View 3 Replies
View Related
Dec 7, 1999
Is there any way of not allowing users with MS Access from using it to connect to a SQL 7 server? Basically, no connection to SQL through MS Access should be allowed. Any ideas?
View 2 Replies
View Related
May 27, 2005
Hello Everybody,
I need some help.
When we install the Database at the clients end, the client can see all
the SQL tables, views and stored procedure in the Enterprise Manager.
Is there a way via which you can restrict the client from viewing the
tables in SQL Enterprise manager?
I hope you understand my question.
I would be oblidged if my friends could help me...
Thanks
View 1 Replies
View Related
Mar 25, 2008
My users have sa rights to our SQL servers. I want to restrict their access to the C: so that they do not restore DB's there.
I thought at first I could create a Windows user that runs the SQL Service then grant them read rights to the C:. This does not give the user enough rights to start the service.
View 14 Replies
View Related
Mar 26, 2008
My users have sa rights to our SQL servers. I want to restrict their access to the C: so that they do not restore DB's there.
I thought I could create a Windows user that runs the SQL Service then grant them read rights to the C:. This does not give the user enough rights to start the service.
View 1 Replies
View Related
Oct 2, 2007
In SQL2005, is it possible to restrict incoming sql or windows authentication logins by source hostname or IP address? Perhaps using endpoints?
We are currently using hosts file on the db server as a temporary solution, but the SA will not allow us to use this as a permanent solution.
The app team I support is asking me to build an "idiot proof" database so that an Dev or Test app server they may configure, doesn't unintentionally connect to the Production database and damage/alter data.
Don't worry, I've already asked if they can't follow some kind of M&P's to prevent this kind of silly behavior, but they insist on DBA team creating a bullet-proof database that can outsmart app developers who try to attempt something dumb like this.
Any ideas or suggestions would be greatly appreciated.
TIA,
Phil
Phil Streiff
View 2 Replies
View Related
Mar 6, 2008
Dear Gurus,
I need to do the following in SQL Server 2005:
1. Restrict access of user SA to my database
2. Encrypt contents of the whole database. Is there anything available in SQL Server 2005 (server or DB settings) which encrypt the contents. I do not want to explicitly encrypt individual columns !!
Thanks in advance
Anjum
View 3 Replies
View Related
Apr 5, 2006
Hi,
I have few SQL user who has permissions on different databases. When they are accessing MSSQL server from Enterprise Manager they can see all Databases but can not access them and they can change file size allocated to them. I want to restrict this and they can only see database belongs to respective user and restrict user to change allocated size. Please help me with this as I am not able to find the solution.
Thanks & Regards,
Gaurav
View 1 Replies
View Related
Sep 16, 2015
I have a single database and 5 user which use this database for DDL and DML operations.
The problem we are facing here is, every time a user need to do some work in this database he/she had to ask(manually) to rest of the 4 users whether they are doing some task over the same DB or not. Sometime due to communication gap one user open any transaction which creates a deadlock for another user to execute any query over the same tables in this DBI want to get rid of this problem by making it configurable from SQL Server part so that if any user which is already accessing this DB, so the other user don't get access to it, Â kind of Mutually exclusive behavior.
How to do this.
View 2 Replies
View Related
Jun 16, 2007
Hi
I'm looking to deploy some SQL Server reports and I want to restrict the access that the users have. Currently when connecting to the reports site they have access to a lot of functionality through the header bar, for example
- Properties
- New Folder
- New Data Source
- My Subscriptions
- Site Settings
- Search
etc.
How can I disbale or hide all these options so that all the user sees is the list of reports?
Thanks in advance
Mark
View 1 Replies
View Related
Jul 20, 2005
Hello AllI am using SQL server 2000 as the backend of my application but don'twant my clients tobe able to view or edit the database tables, storedprocedures , view etc using enterprise manager or query analyser (orsimilar tools)How can this be done ?I searched a lot for this but unable to get the correct answer isthere anybody to give full solution regarding this.Please relpy me as early as possible
View 2 Replies
View Related
Oct 14, 2005
Hello there I have trying to figure out for days how to enable FullTrust for my Reporting Services security extension.
View 9 Replies
View Related
Sep 29, 2015
I have two databases DB1 and DB2 DB1 has a source table named 'Source' I have created a login 'Test_user' in DB2 with Public access. I have also created a view named 'Test_view' in DB2 which references data from DB1.dbo.Source
How can I do the following: AS A Test_user
SELECT * FROM DB2.dbo.Test_view --Should work
SELECT * FROM DB1.dbo.Source --Should Not work
View 2 Replies
View Related
Sep 29, 2015
I have two databases DB1 and DB2 DB1 has a source table named 'Source' I have created a login 'Test_user' in DB2 with Public access. I have also created a view named 'Test_view' in DB2 which references data from DB1.dbo.Source
How can I do the following: AS A Test_user
SELECT * FROM DB2.dbo.Test_view --Should work
SELECT * FROM DB1.dbo.Source --Should Not work
View 3 Replies
View Related
May 17, 2000
Does any one have information on any good Access Sites that are similar to this one, which could be helpful in completing some task. Thanks.
View 1 Replies
View Related
Dec 4, 2007
Clearly, my code isn't written as well as it should be. I don't understand enough about data access and could use some help.I have several database tables, but one primary table that is the most accessed. Generally, I need to build a list from the data based on some filter. I'm using a repeater control, since all I need to display per record is a name, maybe a city or birthday, and possibly a little graphic, and my customer doesn't want a grid type of display. The filter is determined by the page requested. The exception is a search page where the user builds the filter and a grid is used to display the results.The results always contain a link to a page that has more detail on the selected record. What is the best way to handle this? I'm still trying to get a handle on different ways to get data and I'm not doing much with caching. Would it make sense to keep the data in memory from the page that displays the list (or search page) to the detail page? What if the detail page is accessed directly, say from a bookmark? How do I cache this?I'm currently using strongly typed datasets.Below is an example of what I'm doing - this is from the code behind of one of the list pages - members with birthdays this month. Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load Dim theMonth As String = DateTime.Now.ToString("MMMM") Me.LabelMonth.Text = theMonth Dim MemberAdapter As New WAPTableAdapters.membersTableAdapter Repeater1.DataSource = MemberAdapter.GetBirthday("Female", DatePart("m", Today)) Repeater1.DataBind() Repeater2.DataSource = MemberAdapter.GetBirthday("Male", DatePart("m", Today)) Repeater2.DataBind() End Sub Protected Sub Repeater1_ItemDataBound(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.RepeaterItemEventArgs) Handles Repeater1.ItemDataBound If e.Item.ItemType = ListItemType.Item OrElse e.Item.ItemType = ListItemType.AlternatingItem Then Dim LabelIcon As Label = CType(e.Item.FindControl("LabelIcon"), Label) Dim person As WAP.membersRow = CType(CType(e.Item.DataItem, System.Data.DataRowView).Row, WAP.membersRow) If System.IO.File.Exists(Server.MapPath("~/images/picts/" & person.FILE2 & ".jpg")) Then LabelIcon.Visible = True End If End If End Sub Protected Sub Repeater2_ItemDataBound(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.RepeaterItemEventArgs) Handles Repeater2.ItemDataBound If e.Item.ItemType = ListItemType.Item OrElse e.Item.ItemType = ListItemType.AlternatingItem Then Dim LabelIcon As Label = CType(e.Item.FindControl("LabelIcon"), Label) Dim person As WAP.membersRow = CType(CType(e.Item.DataItem, System.Data.DataRowView).Row, WAP.membersRow) If System.IO.File.Exists(Server.MapPath("~/images/picts/" & person.FILE2 & ".jpg")) Then LabelIcon.Visible = True End If End If End Sub It seems pretty simple and straightforward to me, but these pages shouldn't be crashing when the site gets busy, so I have to be doing something wrong. Diane
View 5 Replies
View Related
Sep 12, 2007
Hi all,
I followed this excellent tutorial (from Microsoft) about creating and using a SQLExpress db table internal to your website:
http://www.asp.net/learn/videos/video-08.aspx
and the site I created works just fine - locally. When I publish to my web host provider I get this error:
[SqlException (0x80131904): An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)]
My web host provider supports .NET 2.0 but doesn't support MS SQL Server. But that should matter - right? Because I'm putting the db instance right in the website?
I did a search and followed some of the advice:
I went into the SQL Server Surface Area Config Mgr and set SQLExpress for local and remote connections and rebooted/republished. I also have SQL Server 2005 installed as a separate entity (if that makes a difference).
I still get the above error. This is the connection string from the web.config:
<connectionStrings><add name="ConnectionString" connectionString="Data Source=.SQLEXPRESS;AttachDbFilename=|DataDirectory|Customers.mdf;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
</connectionStrings>And this is the call from the markup:
<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>"
SelectCommand="SELECT * FROM [Customer]"></asp:SqlDataSource>
Does any know the fix for this?
Thanking you in advance
Pat
View 4 Replies
View Related
May 15, 2008
Hi all,
I have some problem about Reporting Service integrated for SharePoint 2007.
At first, I created 1 user named "User1" under "Domain1". User1 has role "SharePointAdmin" Group and Local Admin Group.
Then I created application pool named "RSAppPool". Its identy was "Domain1User1".
After that, I install Reporting Service and SP2.
Then I config Reporting Service to Integrated Sharepoint Mode below.
Report Server Directory Setting: "ReportServer" in "Default Web Site".
Window Service Identity:
Service Account : "Domain1User1" (Windows Accout)
Web Service Identity:
Report Server: "RSAppPool" (that created above)
Report Manager: Empty
Database Setup:
Database name: Database1 (Server Mode: SharePoint Integrated)
Credential Type : Windows Credentials
Account Name: Domain1User1
After configuration, I reset IIS and test browse to http://servername/ReportServer/ , then there is a Windows Login dialog.
I enter "Domain1User1" and User1's password. But User1 cannot right to access to "ReportServer" virtual directory.
This is error message
You are not authorized to view this page
You do not have permission to view this directory or page using the credentials that you supplied.
HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials.
Internet Information Services (IIS)
I'm not sure. Where is I config wrong? ....
Please help me.
Thank you very much.
View 1 Replies
View Related
Nov 22, 2006
I am setting up the SQL2005 reporting service to let users build their own reports on the web. I'll provide them with pre-built report models. We have concern with SQL database performance by allowing users to execute huge reports. The problem that I have is: If I give the users permissions to build report they'll have access to the report's Properties | Execution page, which allows them to disable the report execution timeout. Is there a way for me to allow them build reports while restrict them to access the report execution timeout settings?
Please advise. Many thanks.
View 1 Replies
View Related
Jan 3, 2006
Applied Access security feature to a database using its Security Wizard. Procedure went smoothly.
Been developing a software using VB 6.0 using an Access database as the main data source. Haven't had any problem manipulating the database via VB, but recently attempted to modify the database structure via Access, but was unable to do so, because either my username or password is allegedly invalid. Tried all passwords I can recall, but unable to get through. Haven't been able to create a new database, either.
Development of the software and creation of the Access database is being done on a stand alone laptop, that may or may not have been a workstation in a network.
Any help to resolve this issue would be appreciated.
Napatan
View 2 Replies
View Related
Aug 24, 2006
I would like some clarification please...
I have setup Windows Authentication to SQL2005 using a group with a default database. The group has access to the default database.
Now it's my understanding, if I have a user that's a member of the group, idividual access does not need to be setup to connect to SQL Server. Users connect on the credentials of the group... Is this a correct interpretation??
Ex: Windows groupname = SQLConnect Default db = Anydb
Anydb has groupname SQLConnect connect permissions
Windows username = test1 (is member of SQLConnect group)
Problem: test1 trys to login but gets an error that they can't connect to default db...
View 1 Replies
View Related
May 11, 2007
Hello,
I'm new to ASP, but developping in Sql for years.
What we would like to have is that the user is accessing the database over it's own Windows Logon. Our triggers log quite some changes and are using UserName() for this. I've treid to force the IIS to accept Windows Integration only, the SqlDataSource users a connection that has Integrated Security = True. But when connection to the site i'm gatting error that there is no trusted connection for the user . (dot) ...
I suppose i'm missing something but could you give me a hint where to start looking..... THX
View 3 Replies
View Related
Aug 22, 2001
In the process of reviewing all Security access into our production servers, I found a user login name of 'BUILTIN/Administrators' with the type 'NT Group' in our production DB. I am not sure whether this Login was setup automatically when SQLServer was installed or it was setup by the administrator, who is no longer with the company? I was able to find out all the users in the Administrators NT group, but what threw me was the word 'BUILTIN' . Are there other Logins besides 'sa' that get setup during the install?
Thanks.
Helen
View 1 Replies
View Related
Jan 26, 2001
I am using Access 97 as a front end to access SQL 7 server on NT 4.0 server.
I've set up security model based on NT authentication only. Users have login right to login to SQL and they have public & dataread & denydatawrite access. They also have SELECT permission on a table object and have no permission to INSERT, DELETE and UPDATE.
When I use Access 97 to access a database, users are still capable of inserting and deleteing records in tables.
Am I doing something wrong?
Thanks, Michael.
View 1 Replies
View Related
Jan 20, 2004
I HAVE CREATED A SECURITY DATABASE USING A NEW WORKGROUP FILE WITH A NEW MDW FILE NAME. THE DATABASE ITSELF CONTAINS SEVERAL GROUPS OF USERS AND SEVERAL USERS. THE DATABASE WORKS AS DESIGNED.
THE PROBLEMS IS IF I OPEN THIS DATABASE USING THE SYSTEM.MDW FILE, THE DATABASE OPENS AND GIVE ME COMPLETE ACCESS TO EVERYTHING.
CAN ANYONE EXPLAIN WHAT IS HAPPENING.
ANY HELP WILL BE APPRECIATED
THANKING YOU IN ADVANCE
JOSEPH FORD
View 14 Replies
View Related
Jul 20, 2005
First of all, I have never done any web-based stuff, so if thefollowing sounds ignorant, it's because I am!So far all our SQL Servers are accessed only over our network and weuse Windows authentication. Now the guy I'm working with on thedesign of our next stuff wants the two new databases (a transactionalone and my data warehouse) to be additionally accessed by web-basedapplications via our company intranet (NOT THE INTERNET). How do weauthenticate under these conditions? The webserver machine will betalking to the SQL Server ones, i.e. the databases will each be on thetheir own separate boxes. Can the webserver be a "user"? If so,and we want the actual users to have different privileges, then theweb-based apps have to manage that? Or is there a way for theweb-based apps to grab the Windows user and pass it to SQL Server?
View 7 Replies
View Related