Solved

Unable to restrict access to Oracle Database from Excel 2003

Posted on 2011-03-16
2
592 Views
Last Modified: 2012-05-11
I need to restrict access to the company Oracle Database using Office Excel 2003 in the following context:

- all users are on terminal server Windows 2008 R2 SP1 (x64)
- Excel 2003 SP3 properly working (11.8169.8329)
- server has Oracle client installed (mandatory for the ERP application)
- currently, users may very easily open the Database from Excel 2003 [data->External data->...]
  using login and password they have for the ERP/Oracle application

I tried to restrict access to the data from this way with preventing access to .odc files with a GPO and have set the Excel 2003:
"Block opening Database and Datasource files" policy setting Enabled and "check to enforce" which in turn set the key:
"HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Excel\Security\FileOpenBlock\DatabaseandDatasourceFiles":DWORD=1

- the key is properly distributed on the server (veriofied) BUT HAS NO EFFECT
- setting an other key like changing the macro security level with the same policy file distribute the key and the effect is correct

- is it the wrong way
- Is an other global setting with more priority ?

Thanks in advance for any help
0
Comment
Question by:orieben
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 35

Accepted Solution

by:
johnsone earned 125 total points
ID: 35150841
You could do it with a login trigger on the database side.

I did not test it, but it should be pretty close to what you need.

There is a way around it, all you have to do is rename the executable on the Windows side, but most users wouldn't be able to figure that out.
CREATE OR REPLACE TRIGGER LOGON_DENY_TRIGGER AFTER
LOGON ON DATABASE
DECLARE
  pos number(2);
BEGIN
   SELECT instr(upper(program), 'EXCEL') INTO pos FROM v$session WHERE audsid = sys_context('USERENV','SESSIONID')
   and rownum<=1;
   if pos > 0 then
     raise_application_error(-20100, 'Logins from Excel are not permitted');
   end if;
END;

Open in new window

0
 

Author Closing Comment

by:orieben
ID: 35178615
Clever; as clearly noted with the solution, there is a possibility to work around but is sufficient for the context I have here. More to difficult to implement because the Windows OS team had to talk to the Database Team...

Accepted a good first solution until we understand why policies does not work in Excel.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This post first appeared at Oracleinaction  (http://oracleinaction.com/undo-and-redo-in-oracle/)by Anju Garg (Myself). I  will demonstrate that undo for DML’s is stored both in undo tablespace and online redo logs. Then, we will analyze the reaso…
This article describes how you can use Custom Document Properties to store settings and other information in your workbook so that they will be available the next time you open the workbook.
Graphs within dashboards are meant to be dynamic, representing data from a period of time that will change each time the dashboard is updated with new data. Rather than update each graph to point to a different set within a static set of data, t…
This Micro Tutorial will demonstrate in Microsoft Excel how to add style and sexy appeal to horizontal bar charts.

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question