Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Unable to restrict access to Oracle Database from Excel 2003

Posted on 2011-03-16
2
Medium Priority
?
597 Views
Last Modified: 2012-05-11
I need to restrict access to the company Oracle Database using Office Excel 2003 in the following context:

- all users are on terminal server Windows 2008 R2 SP1 (x64)
- Excel 2003 SP3 properly working (11.8169.8329)
- server has Oracle client installed (mandatory for the ERP application)
- currently, users may very easily open the Database from Excel 2003 [data->External data->...]
  using login and password they have for the ERP/Oracle application

I tried to restrict access to the data from this way with preventing access to .odc files with a GPO and have set the Excel 2003:
"Block opening Database and Datasource files" policy setting Enabled and "check to enforce" which in turn set the key:
"HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Excel\Security\FileOpenBlock\DatabaseandDatasourceFiles":DWORD=1

- the key is properly distributed on the server (veriofied) BUT HAS NO EFFECT
- setting an other key like changing the macro security level with the same policy file distribute the key and the effect is correct

- is it the wrong way
- Is an other global setting with more priority ?

Thanks in advance for any help
0
Comment
Question by:orieben
2 Comments
 
LVL 35

Accepted Solution

by:
johnsone earned 375 total points
ID: 35150841
You could do it with a login trigger on the database side.

I did not test it, but it should be pretty close to what you need.

There is a way around it, all you have to do is rename the executable on the Windows side, but most users wouldn't be able to figure that out.
CREATE OR REPLACE TRIGGER LOGON_DENY_TRIGGER AFTER
LOGON ON DATABASE
DECLARE
  pos number(2);
BEGIN
   SELECT instr(upper(program), 'EXCEL') INTO pos FROM v$session WHERE audsid = sys_context('USERENV','SESSIONID')
   and rownum<=1;
   if pos > 0 then
     raise_application_error(-20100, 'Logins from Excel are not permitted');
   end if;
END;

Open in new window

0
 

Author Closing Comment

by:orieben
ID: 35178615
Clever; as clearly noted with the solution, there is a possibility to work around but is sufficient for the context I have here. More to difficult to implement because the Windows OS team had to talk to the Database Team...

Accepted a good first solution until we understand why policies does not work in Excel.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Shell script to create broker configuration file using current broker Configuration, solely for purpose of backup on Linux. Script may need to be modified depending on OS-installation. Please deploy and verify the script in a test environment.
This article describes a serious pitfall that can happen when deleting shapes using VBA.
This Micro Tutorial will demonstrate the scrolling table in Microsoft Excel using the INDEX function.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question