Post reply

Inactive database user?

  • February 10, 2011 at 4:06 am

    #233384

    Hello all,

    I want to automatically logout the inactive users from sql server 2005/2008 after certain time limit(ie. after 5minute).

    Is there anyway to do so by management studio or some script?

    Need your help!

    Regards,

    Charlie

    ---------------------------------------------------
    The Greatest pleasure in life is doing what people say you can't do! 🙂

    MS-ACCESS DBA!! :hehe:

  • February 10, 2011 at 4:22 am

    #1285070

    you can leaverage the dynamic management view to check the inactive users.

    Abhijit - http://abhijitmore.wordpress.com

  • February 10, 2011 at 5:58 am

    #1285108

    Charlie.anna (2/10/2011)

    I want to automatically logout the inactive users from sql server 2005/2008 after certain time limit(ie. after 5minute).

    Why?

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass

  • February 10, 2011 at 6:51 am

    #1285143

    @abhijit-2 More

    I am not an advance user, just a programmer so would you please describe 🙂

    ---------------------------------------------------
    The Greatest pleasure in life is doing what people say you can't do! 🙂

    MS-ACCESS DBA!! :hehe:

  • February 10, 2011 at 6:53 am

    #1285144

    @gilamonster

    Its just a requirement, i hope by doing this i will not break any law :unsure:

    ---------------------------------------------------
    The Greatest pleasure in life is doing what people say you can't do! 🙂

    MS-ACCESS DBA!! :hehe:

  • February 10, 2011 at 7:11 am

    #1285156

    Charlie.anna (2/10/2011)

    Its just a requirement, i hope by doing this i will not break any law :unsure:

    I'm asking because there are very few good reasons to do this and if you do all your application have to be able to deal with connections that they think are open being closed underneath them, transactions being rolled back that should have been committed, etc.

    May I suggest you go to the person who requested this and find out more information on why?

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass

  • February 14, 2011 at 8:29 am

    #1286523

    Some applications create a connection to the db and stay idle and connected to the db. That way when data is requested it simply reuses that idle connection. Killing them defeats that purpose and will fill up your SQL Server log with killed connections.

  • February 14, 2011 at 8:40 am

    #1286529

    Markus (2/14/2011)

    Some applications create a connection to the db and stay idle and connected to the db. That way when data is requested it simply reuses that idle connection. Killing them defeats that purpose and will fill up your SQL Server log with killed connections.

    And may cause application errors if the application is not set to handle connections that it thinks are open but are not.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass

  • April 2, 2018 at 11:30 pm

    #1985232

    Dear Gail
    I was also asked by the CISO of the company to do the same. His request was:

    The security administrator should set resource limit for the amount of time a user session can be inactive (long running queries and other operations not considered inactive) to disconnect users once threshold is met. Privileged user IDs should have a limit of 5 minutes of inactivity and normal end-user accounts should have a limit of 15 minutes.

    Apparently this is a new security requirement being implemented across organizations

    How do i perform this action?
    If its not recommended then please provide me with a justification to prove to the CISO that its not a best practise of SQL Server

    have a lovely week
    Hurricane

  • April 3, 2018 at 2:35 am

    #1985245

    It's not a 'best practice', and finding justification will be rather hard, as people seldom write articles on 'this non-existent security practice is not a good idea'

    See my comments from 7 years ago on the problems it can cause with the applications.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass

  • April 3, 2018 at 10:54 am

    #1985330

    GilaMonster - Tuesday, April 3, 2018 2:35 AM

    It's not a 'best practice', and finding justification will be rather hard, as people seldom write articles on 'this non-existent security practice is not a good idea'

    See my comments from 7 years ago on the problems it can cause with the applications.

    Would it be practical to separate out actual users as opposed to application-based connections?  That way, you're not affecting the applications, only the SSMS users (or other query tool)...
    I have a hard time believing someone gets to CISO level without any concept of the difference between a query writer in SSMS and an application specific id, so I can't imagine that the CISO would really want his supported applications knocked down without a fight...

    Steve (aka sgmunson) 🙂 🙂 🙂
    Rent Servers for Income (picks and shovels strategy)

Viewing 11 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic. Login to reply