Limiting applications - discussion

  • For SQL Server 2005 and SQL Server 2008.

    We found an enterprising user that made his own ODBC, used his OS/authentication that an existing application uses, and created his own Access database application. No malicious intent, just trying to do things (he thought) better and faster.

    Let's leave out the "Don't allow ODBC's to be created" discussion.

    Are there different methods so "MyApplication" with "domain\userFred" is the only way Fred has access to the database? The vendor application ONLY uses authenticated user access. Some users are explicitly listed in the database, others are in domain groups.

    Also, any way to do this in SQL 2000? SQL 2000 is not an issue right now, but could be.

    Thanks,

    Joseph

  • In 2005 and 2008 you could use a LOGON TRIGGER and check the application name, but be aware that this can be passed as part of the connection string so your real application can be spoofed.

    I don't know of a way to do this in 2000.

    Scenarios like this are why I don't believe in granting direct table access. If everything is done with SPs, views, and UDFs then the users can't do this.
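
A sketch of the logon trigger described in the post above, added here as an illustration and not code from the thread. The trigger name `trg_restrict_app` is hypothetical; the login and application name reuse the placeholders from the question. Because `APP_NAME()` comes from the client's connection string, this filters accidental use and is not a security boundary.

```sql
-- Added illustration, not code from the thread.
-- Hypothetical name: trg_restrict_app. Login and application name are the
-- placeholders used in the question ("domain\userFred", "MyApplication").
USE master;
GO

CREATE TRIGGER trg_restrict_app
ON ALL SERVER
FOR LOGON
AS
BEGIN
    -- Exempt administrators: a faulty logon trigger can block every login.
    -- If that happens anyway, connect over the Dedicated Administrator
    -- Connection and disable or drop the trigger.
    IF IS_SRVROLEMEMBER('sysadmin') = 1
        RETURN;

    -- ORIGINAL_LOGIN() returns the Windows account even when the user's
    -- access is granted through a domain group.
    -- ISNULL covers clients that send no application name at all.
    IF ORIGINAL_LOGIN() = N'domain\userFred'
       AND ISNULL(APP_NAME(), N'') <> N'MyApplication'
    BEGIN
        -- Messages printed inside a logon trigger go to the SQL Server
        -- error log, which gives a record of rejected attempts.
        PRINT N'Logon rejected: ' + ORIGINAL_LOGIN()
            + N' using application [' + ISNULL(APP_NAME(), N'') + N']';

        -- Rolling back the implicit transaction refuses the connection.
        ROLLBACK;
    END
END;
GO

-- Confirm the trigger exists and is enabled.
SELECT name, is_disabled
FROM sys.server_triggers
WHERE name = N'trg_restrict_app';

-- To remove it:
-- DROP TRIGGER trg_restrict_app ON ALL SERVER;
```

Test this with a non-production login first and keep a sysadmin session open while deploying it.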

  • In SQL 2000 you could write a script using sp_who2 and create a job to run every min and kill connections where ProgramName like 'Microsoft Office%'. That's a pretty hokey way to do things.

    In 2008 you can use resource governor to limit CPU and memory by application and limit Microsoft Office to 1% of each so they can't hog resources. This of course doesn't keep them from using MS Access.

    Just throwing out a couple ideas.

  • Did you look into application roles?

    Brian Kelley's article below pretty much describes your scenario. Maybe it's an option, even with all the cons...

    http://www.sqlservercentral.com/articles/Security/sqlserversecurityprosandconsofapplicationroles/1116/



    Lutz
    A pessimist is an optimist with experience.
