Solved

Unable to restrict access to Oracle Database from Excel 2003

Posted on 2011-03-16
2
587 Views
Last Modified: 2012-05-11
I need to restrict access to the company Oracle Database using Office Excel 2003 in the following context:

- all users are on terminal server Windows 2008 R2 SP1 (x64)
- Excel 2003 SP3 properly working (11.8169.8329)
- server has Oracle client installed (mandatory for the ERP application)
- currently, users may very easily open the Database from Excel 2003 [data->External data->...]
  using login and password they have for the ERP/Oracle application

I tried to restrict access to the data from this way with preventing access to .odc files with a GPO and have set the Excel 2003:
"Block opening Database and Datasource files" policy setting Enabled and "check to enforce" which in turn set the key:
"HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Excel\Security\FileOpenBlock\DatabaseandDatasourceFiles":DWORD=1

- the key is properly distributed on the server (veriofied) BUT HAS NO EFFECT
- setting an other key like changing the macro security level with the same policy file distribute the key and the effect is correct

- is it the wrong way
- Is an other global setting with more priority ?

Thanks in advance for any help
0
Comment
Question by:orieben
2 Comments
 
LVL 34

Accepted Solution

by:
johnsone earned 125 total points
ID: 35150841
You could do it with a login trigger on the database side.

I did not test it, but it should be pretty close to what you need.

There is a way around it, all you have to do is rename the executable on the Windows side, but most users wouldn't be able to figure that out.
CREATE OR REPLACE TRIGGER LOGON_DENY_TRIGGER AFTER
LOGON ON DATABASE
DECLARE
  pos number(2);
BEGIN
   SELECT instr(upper(program), 'EXCEL') INTO pos FROM v$session WHERE audsid = sys_context('USERENV','SESSIONID')
   and rownum<=1;
   if pos > 0 then
     raise_application_error(-20100, 'Logins from Excel are not permitted');
   end if;
END;

Open in new window

0
 

Author Closing Comment

by:orieben
ID: 35178615
Clever; as clearly noted with the solution, there is a possibility to work around but is sufficient for the context I have here. More to difficult to implement because the Windows OS team had to talk to the Database Team...

Accepted a good first solution until we understand why policies does not work in Excel.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Introduction A previously published article on Experts Exchange ("Joins in Oracle", http://www.experts-exchange.com/Database/Oracle/A_8249-Joins-in-Oracle.html) makes a statement about "Oracle proprietary" joins and mixes the join syntax with gen…
This post first appeared at Oracleinaction  (http://oracleinaction.com/undo-and-redo-in-oracle/)by Anju Garg (Myself). I  will demonstrate that undo for DML’s is stored both in undo tablespace and online redo logs. Then, we will analyze the reaso…
This Micro Tutorial will demonstrate the scrolling table in Microsoft Excel using the INDEX function.
This Micro Tutorial demonstrates in Microsoft Excel how to consolidate your marketing data by creating an interactive charts using form controls. This creates cool drop-downs for viewers of your chart to choose from.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now