July 24, 2008 at 7:41 am
Would a DDL Trigger work for you? The DDL Trigger would determine if the server name is A or B, and allow or deny the connection for a specific login based on this information.
Here is an example of a logon trigger that checks against a list of servers and logins.
http://blogs.technet.com/vipulshah/archive/2007/12/04/ddl-triggers-and-logon-triggers.aspx
I haven't played with Log Shipping so I do not know if this would work - please let me know.
Herve Roggero
hroggero@pynlogic.com
MCDBA, MCSE, MCSD
SQL Server Database Proxy/Firewall and Auditing
July 24, 2008 at 11:39 pm
Thanks Herve, I'll take a look at the article.
July 27, 2008 at 10:07 pm
I've discovered that this can be actually acheived in SQL 2005 similar to the way , the steps are pretty simple...
On the Primary Server
1. Create a Login on the primary server that will not be disclosed to the client Login_Not_Disclosed_To_Client
2. Create a User in the source database on the source server User_Disclosed_To_Client and assign appropriate role.
On the Secondary Server
1. Determine SID value for the User User_Disclosed_To_Client i.e. select SID from .sys.sysusers where name = 'User_Disclosed_To_Client'
2. Create a Login on the secondary server that will be disclosed to the client using the SID obtained in the previous step Login_Disclosed_To_Client i.e. CREATE LOGIN Login_Disclosed_To_Client WITH PASSWORD = 'password_disclosed_to_Client', SID =0xAB0847966CD2CF47AD1E0A6FCC521C42, CHECK_POLICY = OFF
And your done, the client now has access to the secondary server, but unless they obtain the login credentials to the primary server, they won't be able to access it.
Cheers, Col
Viewing 3 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply