Solved

Unable to restrict access to Oracle Database from Excel 2003

Posted on 2011-03-16
2
589 Views
Last Modified: 2012-05-11
I need to restrict access to the company Oracle Database using Office Excel 2003 in the following context:

- all users are on terminal server Windows 2008 R2 SP1 (x64)
- Excel 2003 SP3 properly working (11.8169.8329)
- server has Oracle client installed (mandatory for the ERP application)
- currently, users may very easily open the Database from Excel 2003 [data->External data->...]
  using login and password they have for the ERP/Oracle application

I tried to restrict access to the data from this way with preventing access to .odc files with a GPO and have set the Excel 2003:
"Block opening Database and Datasource files" policy setting Enabled and "check to enforce" which in turn set the key:
"HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Excel\Security\FileOpenBlock\DatabaseandDatasourceFiles":DWORD=1

- the key is properly distributed on the server (veriofied) BUT HAS NO EFFECT
- setting an other key like changing the macro security level with the same policy file distribute the key and the effect is correct

- is it the wrong way
- Is an other global setting with more priority ?

Thanks in advance for any help
0
Comment
Question by:orieben
2 Comments
 
LVL 34

Accepted Solution

by:
johnsone earned 125 total points
ID: 35150841
You could do it with a login trigger on the database side.

I did not test it, but it should be pretty close to what you need.

There is a way around it, all you have to do is rename the executable on the Windows side, but most users wouldn't be able to figure that out.
CREATE OR REPLACE TRIGGER LOGON_DENY_TRIGGER AFTER
LOGON ON DATABASE
DECLARE
  pos number(2);
BEGIN
   SELECT instr(upper(program), 'EXCEL') INTO pos FROM v$session WHERE audsid = sys_context('USERENV','SESSIONID')
   and rownum<=1;
   if pos > 0 then
     raise_application_error(-20100, 'Logins from Excel are not permitted');
   end if;
END;

Open in new window

0
 

Author Closing Comment

by:orieben
ID: 35178615
Clever; as clearly noted with the solution, there is a possibility to work around but is sufficient for the context I have here. More to difficult to implement because the Windows OS team had to talk to the Database Team...

Accepted a good first solution until we understand why policies does not work in Excel.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to Unravel a Tricky Query Introduction If you browse through the Oracle zones or any of the other database-related zones you'll come across some complicated solutions and sometimes you'll just have to wonder how anyone came up with them.  â€¦
Some code to ensure data integrity when using macros within Excel. Also included code that helps secure your data within an Excel workbook.
The viewer will learn how to use the =DISCRINV command to create a discrete random variable, use this command to model a set of probabilities and outcomes in a Monte Carlo simulation, and learn how to find the standard deviation of a set of probabil…
This Micro Tutorial demonstrate the bugs in Microsoft Excel for Mac with Pivot Charts.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question