elmerpevidal
asked on
How to protect a database from being accessed from Excel?
We have lots of pc based applications developed using VB. The programs resides on the our NT server and accessed by multiple users. Once a user a allowed to access the program, he has also access to the database location. This exposes the databases since this can be accessed using the excel or any other compatible database.
Question: what options do we have to protect the database from being viewed, amemded deleted and copied.
Question: what options do we have to protect the database from being viewed, amemded deleted and copied.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi,
Some of the ruleas are :
1) Never use 'sa' (or dbo) account to connect to SQL server.
2) Create different levels of user groups on database level and assign database users minimum rights in order to perform required tasks. This you will have to coordinate and test with your VB developers.
3) Also it is important to know what type SQL login environment you are having. Is it integrated, standard or mixed. If it is integrated you will also have to involve your NT user administrator.
Hope this helps.
Some of the ruleas are :
1) Never use 'sa' (or dbo) account to connect to SQL server.
2) Create different levels of user groups on database level and assign database users minimum rights in order to perform required tasks. This you will have to coordinate and test with your VB developers.
3) Also it is important to know what type SQL login environment you are having. Is it integrated, standard or mixed. If it is integrated you will also have to involve your NT user administrator.
Hope this helps.
An option which works well is to only use stored procedure. That way users don't have direct access to tables. They do have execute on the stored procedures, but they would need to know the names and what needs to be passed (and most MIS people can't figure that out ;)
David
David
Views are used for this purpose. You can grant permissions to a view and not to the underlying tables. The views can query just the columns needed. They are used the same as a table.
ASKER