Solved

Denying access to Enterprise Manager

Posted on 2004-08-09
12
435 Views
Last Modified: 2013-12-03
A user wants to have a user that can read/write to the database from the server (ASP pages) but NOT be able to login through Enterprise Manager.  Is this even possible?
0
Comment
Question by:gexen
  • 3
  • 3
  • 2
  • +2
12 Comments
 
LVL 50

Expert Comment

by:Lowfatspread
ID: 11755644
not sure i understand

why would the user have access to enterprise manager?
0
 
LVL 1

Author Comment

by:gexen
ID: 11755696
I'm by no means an MSSQL expert (far from it) but I was under the impression that by default any user could log into Enterprise Manager as long as they have a SQL username and password.  Then, their appropriate permissions would limit them to whatever they were doing.  
0
 
LVL 50

Expert Comment

by:Lowfatspread
ID: 11755806
basically yes...

and basically once the have an ID & password with some authority
there isn't anyway to stop them using it as they see fit...

which is why its bad to give out datareader/datawriter and allow users to have access
to dynamic sql generation facilites...

since any old ODBC providing tool  MS Word, Excell, etc allows them to interact with the database...

I still ask why they would have direct access to Enterprise Manager or any Standard DB tool...

(ok they can still install there own version... and gain client access...)

whats the real problem ?

   
0
 
LVL 1

Author Comment

by:gexen
ID: 11755969
We host SQL databases for several clients who connect to their databases from home to edit them.
0
 
LVL 69

Expert Comment

by:ScottPletcher
ID: 11757493
Of course you could have a job that ran every, say, 10 seconds and KILLed any task (that's not authorized) with a program_name = N'MS SQLEM'  (in sysprocesses) :-) .
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 18

Expert Comment

by:ShogunWade
ID: 11772036
Or have a batch processess printing out P45s for people who dont behave :)
0
 
LVL 1

Author Comment

by:gexen
ID: 11795198
Moderator, please kill this thread, a realistic answer does not exist for this question.
0
 
LVL 18

Accepted Solution

by:
ShogunWade earned 500 total points
ID: 11795267
The "realistic" answer is that if you allow someone to have sql client tool installed and give them permisions to access a database then there is nothing you can do.   So either :

a) You need to restrict access (by uninstalling) client tools from machines, or
b) Limit peoples access using better security in SQL Server, thus preventing users from doing much in enterprise manager., or
c) Impose a corporate policy banning the use of enterprise manager.

Fundamentally Enterprise manager (as with the rest of sql client tools) are designed and provided for the management (dbo type stuff) and /or developers.  Users dont need it and shouldnt have it generally.
0
 

Expert Comment

by:jjarnold
ID: 12183247
This can be accomplished by setting the database options for "Restrict Acess" to: 'members of db_owner, dbcreator, or sysadmin' in enterprise manager.

Right-Click the database in question, and select the 'Options' tab.  You'll see the setting there.

By doing this your sql logins can still acess the database under the permissions given in their role membership, but any attempt to mange the db in SQLEM will fail.
0
 
LVL 18

Expert Comment

by:ShogunWade
ID: 12188240
NO!  You couldnt be more incorrect.  

The questioner asked how to restrict access to enterprise manager.   what you have suggested is a way to ristruct access to a specific database to members of "Administrative" groups.  

In addition: " sql logins can still acess the  database under the permissions given in their role membership"   this is absolutely untrue.   Unless all your users are  either in  db_owner, dbcreator, or sysadmin roles!

0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

Suggested Solutions

Nowadays, some of developer are too much worried about data. Who is using data, who is updating it etc. etc. Because, data is more costlier in term of money and information. So security of data is focusing concern in days. Lets' understand the Au…
Slowly Changing Dimension Transformation component in data task flow is very useful for us to manage and control how data changes in SSIS.
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…
Viewers will learn how the fundamental information of how to create a table.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now