Solved

Denying access to Enterprise Manager

Posted on 2004-08-09
Last Modified: 2013-12-03
A user wants to have a user that can read/write to the database from the server (ASP pages) but NOT be able to login through Enterprise Manager.  Is this even possible?
Question by:gexen
10 Comments
 
LVL 50

Expert Comment

by:Lowfatspread
ID: 11755644
Not sure I understand.

Why would the user have access to Enterprise Manager?
0
 
LVL 1

Author Comment

by:gexen
ID: 11755696
I'm by no means an MSSQL expert (far from it) but I was under the impression that by default any user could log into Enterprise Manager as long as they have a SQL username and password.  Then, their appropriate permissions would limit them to whatever they were doing.  
0
 
LVL 50

Expert Comment

by:Lowfatspread
ID: 11755806
Basically yes...

and basically once they have an ID & password with some authority
there isn't any way to stop them using it as they see fit...

which is why it's bad to give out datareader/datawriter and allow users to have access
to dynamic SQL generation facilities...

since any old ODBC-providing tool (MS Word, Excel, etc.) allows them to interact with the database...

I still ask why they would have direct access to Enterprise Manager or any standard DB tool...

(OK, they can still install their own version... and gain client access...)

What's the real problem?

   
0
 
LVL 1

Author Comment

by:gexen
ID: 11755969
We host SQL databases for several clients who connect to their databases from home to edit them.
0
 
LVL 70

Expert Comment

by:Scott Pletcher
ID: 11757493
Of course you could have a job that ran every, say, 10 seconds and KILLed any task (that's not authorized) with a program_name = N'MS SQLEM'  (in sysprocesses) :-) .
0
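A sketch of the job described in the comment above, as an added example that is not part of the original thread. It assumes SQL Server 2000's `master.dbo.sysprocesses` and a hypothetical allow-list containing only `sa`; `program_name` is reported by the connecting client, so this catches default Enterprise Manager sessions and is not an access control.

```sql
-- Added example: body of a SQL Agent job step, scheduled as often as needed.
-- The allow-list below (only 'sa') is a hypothetical placeholder.
DECLARE @spid smallint
DECLARE @cmd nvarchar(32)

DECLARE em_sessions CURSOR LOCAL FAST_FORWARD FOR
    SELECT spid
    FROM master.dbo.sysprocesses
    WHERE program_name = N'MS SQLEM'           -- name Enterprise Manager reports
      AND spid <> @@SPID                       -- never kill this job's own session
      AND RTRIM(loginame) NOT IN (N'sa')       -- logins allowed to use the tool

OPEN em_sessions
FETCH NEXT FROM em_sessions INTO @spid

WHILE @@FETCH_STATUS = 0
BEGIN
    -- KILL accepts only a literal spid, so the statement is built dynamically.
    SET @cmd = N'KILL ' + CAST(@spid AS nvarchar(10))
    EXEC (@cmd)
    FETCH NEXT FROM em_sessions INTO @spid
END

CLOSE em_sessions
DEALLOCATE em_sessions
```

The account running the job needs permission to issue KILL (sysadmin or processadmin).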
 
LVL 18

Expert Comment

by:ShogunWade
ID: 11772036
Or have a batch process printing out P45s for people who don't behave :)
0
 
LVL 1

Author Comment

by:gexen
ID: 11795198
Moderator, please kill this thread, a realistic answer does not exist for this question.
0
 
LVL 18

Accepted Solution

by:
ShogunWade earned 2000 total points
ID: 11795267
The "realistic" answer is that if you allow someone to have a SQL client tool installed and give them permissions to access a database, then there is nothing you can do. So either:

a) You need to restrict access to client tools (by uninstalling them from machines), or
b) Limit people's access using better security in SQL Server, thus preventing users from doing much in Enterprise Manager, or
c) Impose a corporate policy banning the use of Enterprise Manager.

Fundamentally, Enterprise Manager (as with the rest of the SQL client tools) is designed and provided for management (dbo-type stuff) and/or developers. Users don't need it and generally shouldn't have it.
0
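Option (b) in practice, as an added example rather than code from the thread: the ASP login loses the broad datareader/datawriter roles and may only execute stored procedures, so connecting with the same credentials from Enterprise Manager or any ODBC tool exposes no ad hoc table access. All object names are hypothetical, the syntax is SQL Server 2000 era, and it assumes an existing database user `web_app` that currently holds both fixed roles.

```sql
-- Added example; web_app, asp_app_role, dbo.Orders and dbo.usp_Orders_Add
-- are hypothetical names. Run in a scratch database.
CREATE TABLE dbo.Orders (
    OrderId    int IDENTITY(1,1) PRIMARY KEY,
    CustomerId int   NOT NULL,
    Amount     money NOT NULL
)
GO

-- 1. Take the web login's user out of the broad fixed database roles.
EXEC sp_droprolemember 'db_datareader', 'web_app'
EXEC sp_droprolemember 'db_datawriter', 'web_app'
GO

-- 2. Give it a narrow application role membership instead.
EXEC sp_addrole 'asp_app_role'
EXEC sp_addrolemember 'asp_app_role', 'web_app'
GO

-- 3. Expose each operation the ASP pages need as a parameterized procedure.
CREATE PROCEDURE dbo.usp_Orders_Add
    @CustomerId int,
    @Amount     money
AS
    SET NOCOUNT ON
    INSERT INTO dbo.Orders (CustomerId, Amount)
    VALUES (@CustomerId, @Amount)
GO

-- 4. EXECUTE on the procedure only; direct table access is explicitly denied.
--    Procedure and table share the owner dbo, so ownership chaining lets the
--    procedure write to the table despite the DENY on the role.
GRANT EXECUTE ON dbo.usp_Orders_Add TO asp_app_role
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO asp_app_role
GO

-- 5. Check the result: effective permissions and remaining broad-role members.
EXEC sp_helprotect NULL, 'asp_app_role'
EXEC sp_helprolemember 'db_datawriter'
GO
```

Dynamic SQL inside a procedure breaks the ownership chain and is checked against the caller's own table permissions, so the procedures have to stay static for this to hold.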
 

Expert Comment

by:jjarnold
ID: 12183247
This can be accomplished by setting the database options for "Restrict Access" to: 'members of db_owner, dbcreator, or sysadmin' in Enterprise Manager.

Right-click the database in question, and select the 'Options' tab. You'll see the setting there.

By doing this your SQL logins can still access the database under the permissions given in their role membership, but any attempt to manage the db in SQLEM will fail.
0
 
LVL 18

Expert Comment

by:ShogunWade
ID: 12188240
NO! You couldn't be more incorrect.

The questioner asked how to restrict access to Enterprise Manager. What you have suggested is a way to restrict access to a specific database to members of "Administrative" groups.

In addition: "sql logins can still access the database under the permissions given in their role membership": this is absolutely untrue. Unless all your users are in either the db_owner, dbcreator, or sysadmin roles!

0
