

sa with Great Plains SOX compliance.


william dager

Forgive my question if it has already been answered elsewhere. Would appreciate links to the forums that help.

I'm a SQL Server novice, but I'm learning (used to Oracle), and I've been asked to get SOX compliant with Great Plains from Microsoft (know even less about Great Plains). I'm sure many of you know that pain.

I am told GP only allows access with the sa login. Is there a way to find out the box IP and/or Windows login of the person logging into SQL Server with sa? Is there any 3rd party software that might provide that information?

Would appreciate any help or suggestions. Thanks.


Jeff Gray

You can find out the hostname (usually) of a connection by running the sproc [master].[dbo].[sp_who2].

It will list the login name, SPID, Hostname, and a bunch of other useful things. If the application connects to the SQL Server using SQL authentication, then no, you will not know their Windows login. I don't believe that the Windows login name is exposed to the connection in any way that would allow it to be learned from SQL Server. I'm not 100% positive, however.

I do believe that GP requires that the sa account be used to perform certain administration tasks, but the users connect with SQL Server user names. At least that's how the last GP system I used was working.

jg


Rudyx - the Doctor
Working with "Great Pains" ... another great MS purchase absorbing the competition ... my sympathies to you since I remember the pre and post purchase days ...

Regards
Rudy Komacsar
Senior Database Administrator

"Ave Caesar! - Morituri te salutamus."
jimf007

Can confirm that Jeff is right in saying

"I do believe that GP requires that the sa account be used to perform certain administration tasks, but the users connect with SQL Server user names"

One question the auditors like to ask is: if they are a user in GP, doesn't that mean they have DB access rights? The answer is that their password is encrypted in the DB, so users cannot just use ODBC to access the database directly.

With regards to sa, it may be possible to set up a user in GP and then give them admin rights in SQL to be able to do the restricted tasks. It's one of the downsides of GP - you cannot just give these permissions to users, but one way of getting SOX compliance. The way we are getting round the issue at present is to only allow one or two DBAs to have access to the password and then changing the password on a regular basis.

Hope this helps

Jim





Herve Roggero

Hi - If I understand your question you are trying to find out if you can identify who is using the 'sa' account and from where.

There is a solution out there but I can't post this on this thread since it could be considered advertising. Please contact me (hroggero001@hotmail.com) and I can provide you with the company name/product that achieves what you are looking for.

The solution will allow you to:

> Block the use of 'sa' from any machine outside of the database server itself and the GP box

> Log all attempts to use the 'sa' account from anywhere along with the IP address

> Use 2-factor authentication (extreme case) if you want to know who is actually using 'sa' and from which IP/MAC address

> Ensure that 'sa' is only usable by GP and not Query Analyzer

Regards,

Herve



Herve Roggero
hroggero@pynlogic.com
MCDBA, MCSE, MCSD
SQL Server Database Proxy/Firewall and Auditing
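
The point-in-time lookup Jeff describes and the "log every use of 'sa' with its IP address" requirement from the last post can both be covered with built-in features. The T-SQL below is an added example, not code from the thread or from any product mentioned in it; it assumes SQL Server 2005 SP2 or later (DMVs and logon triggers) and a sysadmin session, and the table and trigger names are hypothetical.

```sql
-- Added example. Object names (sa_logon_audit, trg_audit_sa_logon) are hypothetical.
USE master;
GO

-- 1. Snapshot: who is connected as 'sa' right now, and from where.
SELECT s.session_id,
       s.login_time,
       s.host_name,            -- supplied by the client, so it can be spoofed
       s.program_name,         -- supplied by the client, so it can be spoofed
       c.client_net_address,   -- address as seen by the server's network layer
       c.auth_scheme
FROM sys.dm_exec_sessions AS s
JOIN sys.dm_exec_connections AS c
  ON c.session_id = s.session_id
WHERE s.login_name = N'sa';
GO

-- 2. History: keep a row for every successful 'sa' logon.
CREATE TABLE dbo.sa_logon_audit (
    audit_id     INT IDENTITY(1,1) PRIMARY KEY,
    logon_time   DATETIME      NOT NULL DEFAULT (GETDATE()),
    login_name   SYSNAME       NOT NULL,
    client_host  NVARCHAR(128) NULL,   -- IP address, or '<local machine>'
    host_name    NVARCHAR(128) NULL,
    program_name NVARCHAR(128) NULL
);
GO

-- An error inside a logon trigger blocks the login, so keep the body minimal
-- and test it with the GP client on a non-production instance first.
-- Recovery: connect over the dedicated administrator connection and run
--   DROP TRIGGER trg_audit_sa_logon ON ALL SERVER;
CREATE TRIGGER trg_audit_sa_logon
ON ALL SERVER
FOR LOGON
AS
BEGIN
    IF ORIGINAL_LOGIN() = N'sa'
    BEGIN
        DECLARE @evt XML;
        SET @evt = EVENTDATA();
        INSERT INTO master.dbo.sa_logon_audit
               (login_name, client_host, host_name, program_name)
        SELECT ORIGINAL_LOGIN(),
               @evt.value('(/EVENT_INSTANCE/ClientHost)[1]', 'NVARCHAR(128)'),
               HOST_NAME(),
               APP_NAME();
    END
END;
GO
```

Logon triggers fire only after authentication succeeds; failed 'sa' attempts are written to the SQL Server error log when login auditing for failed logins is enabled.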