Solved

Unable to restrict access to Oracle Database from Excel 2003

Posted on 2011-03-16
Last Modified: 2012-05-11
I need to restrict access to the company Oracle Database using Office Excel 2003 in the following context:

- all users are on terminal server Windows 2008 R2 SP1 (x64)
- Excel 2003 SP3 properly working (11.8169.8329)
- server has Oracle client installed (mandatory for the ERP application)
- currently, users may very easily open the Database from Excel 2003 [data->External data->...]
  using login and password they have for the ERP/Oracle application

I tried to restrict access to the data this way by preventing access to .odc files with a GPO, and have set the Excel 2003
"Block opening Database and Datasource files" policy setting to Enabled with "check to enforce", which in turn sets the key:
"HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Excel\Security\FileOpenBlock\DatabaseandDatasourceFiles":DWORD=1

- the key is properly distributed on the server (verified) BUT HAS NO EFFECT
- setting another key, like changing the macro security level, with the same policy file distributes the key and the effect is correct

- Is it the wrong way?
- Is there another global setting with more priority?

Thanks in advance for any help
Question by:orieben
2 Comments
 

Accepted Solution

by:
johnsone earned 375 total points
ID: 35150841
You could do it with a login trigger on the database side.

I did not test it, but it should be pretty close to what you need.

There is a way around it: all you have to do is rename the executable on the Windows side, but most users wouldn't be able to figure that out.
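
-- Deny database logons from sessions whose client program name contains EXCEL.
-- The trigger owner needs a direct grant of SELECT on SYS.V_$SESSION.
CREATE OR REPLACE TRIGGER LOGON_DENY_TRIGGER
AFTER LOGON ON DATABASE
DECLARE
  pos NUMBER(2);
BEGIN
  -- Position of EXCEL in this session's program name (0 = not present)
  SELECT instr(upper(program), 'EXCEL')
    INTO pos
    FROM v$session
   WHERE audsid = sys_context('USERENV', 'SESSIONID')
     AND rownum <= 1;

  IF pos > 0 THEN
    -- An error raised in a logon trigger rejects the connection
    raise_application_error(-20100, 'Logins from Excel are not permitted');
  END IF;
END;
/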
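
The logon trigger from the accepted answer, extended as an added example (not code from the thread) so that each rejected attempt is recorded with its OS user and machine before the error is raised. The names logon_denied_log, log_denied_logon and logon_deny_excel_audit are hypothetical, and the example assumes a database release that supports SYS_CONTEXT('USERENV', 'SID').

```sql
-- Added example; table, procedure and trigger names are hypothetical.
-- The owning schema needs direct grants of SELECT on SYS.V_$SESSION and
-- ADMINISTER DATABASE TRIGGER. Column widths are generous assumptions.
CREATE TABLE logon_denied_log (
  logged_at TIMESTAMP DEFAULT SYSTIMESTAMP,
  db_user   VARCHAR2(128),
  os_user   VARCHAR2(128),
  machine   VARCHAR2(128),
  program   VARCHAR2(128)
);

CREATE OR REPLACE PROCEDURE log_denied_logon (
  p_db_user IN VARCHAR2, p_os_user IN VARCHAR2,
  p_machine IN VARCHAR2, p_program IN VARCHAR2
) AS
  -- Autonomous transaction: the row is committed independently, so it
  -- survives the error that the trigger raises afterwards.
  PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
  INSERT INTO logon_denied_log (db_user, os_user, machine, program)
  VALUES (p_db_user, p_os_user, p_machine, p_program);
  COMMIT;
END;
/

CREATE OR REPLACE TRIGGER logon_deny_excel_audit
AFTER LOGON ON DATABASE
DECLARE
  v_program v$session.program%TYPE;
  v_os_user v$session.osuser%TYPE;
  v_machine v$session.machine%TYPE;
BEGIN
  -- USERENV SID identifies exactly one V$SESSION row for this connection.
  SELECT program, osuser, machine
    INTO v_program, v_os_user, v_machine
    FROM v$session
   WHERE sid = SYS_CONTEXT('USERENV', 'SID');
  IF UPPER(v_program) LIKE '%EXCEL%' THEN
    log_denied_logon(SYS_CONTEXT('USERENV', 'SESSION_USER'),
                     v_os_user, v_machine, v_program);
    RAISE_APPLICATION_ERROR(-20100, 'Logins from Excel are not permitted');
  END IF;
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    NULL;  -- no session row visible: let the logon proceed
END;
/
```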


Author Closing Comment

by:orieben
ID: 35178615
Clever; as clearly noted with the solution, there is a possibility to work around it, but it is sufficient for the context I have here. More difficult to implement because the Windows OS team had to talk to the Database Team...

Accepted as a good first solution until we understand why policies do not work in Excel.