Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Sql Database permissions

Posted on 2013-11-05
6
Medium Priority
?
300 Views
Last Modified: 2013-11-07
Hello,

I have a 3rd part application that allows a user to create a database to be used with their front end. Every year this user needs to create a few new databases. Id like to lock the user down to :

Create the database through the application provided to create the database.

Allow the user to only manage the database though this application. (Not use anything like Sql managment studio.)

And not give this user any kind of server level permissions. Can it be done?

I do have the option of migrating to sql 2012 if that would help with this.
0
Comment
Question by:BrownRJ
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 15

Expert Comment

by:achaldave
ID: 39624736
Is the application uses any account to connect to database or passes the credentials of currently logged on user? If the application uses its own account you can remove user's permission from the database and configure permission for account used by the application. This will prevent user from accessing SQL server directly by using tools like SQL management studio.
0
 

Author Comment

by:BrownRJ
ID: 39625038
The application can use either windows authentication or sql. Currently it uses windows authentication.
0
 
LVL 70

Expert Comment

by:Scott Pletcher
ID: 39625630
You could have a DDL trigger that, upon db creation, changes the owner of the db.

You can have a logon trigger that would reject any attempt by that user to log onto a SQL instance using SSMS.

Does the user need to use SSMS to do other tasks on the same instance?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:BrownRJ
ID: 39625696
Scott,

Id like the user to keep permissions as DBO for any database he creates. Do you have any suggestions on the logon trigger for the SSMS? They do not need to ever access the server this way.
0
 
LVL 70

Accepted Solution

by:
Scott Pletcher earned 2000 total points
ID: 39625786
If the user is dbo on the db, then he can do anything to that db, including delete it.

Unless the user changes it (not easy to do but probably possible), SSMS will come in with an APP_NAME() of:
'Microsoft SQL Server Management Studio - Query'

You can use that in the logon trigger to rollback (cancel) the login, something like this:



CREATE TRIGGER [Check_For_SSMS_Trigger]
ON ALL SERVER
AFTER LOGON
AS
IF ORIGINAL_LOGIN() IN (N'domain_name\restricted_user_name1') --, ...
AND APP_NAME() LIKE '%Management Studio%'
    ROLLBACK; --cancel/reject login, preventing specified user(s) from accessing SQL using SSMS
GO
0
 

Author Comment

by:BrownRJ
ID: 39630523
Scott,

That did the trick. But I notice it doesnt like user groups. Ill just create  a trigger for each person. Its not that many.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
What if you have to shut down the entire Citrix infrastructure for hardware maintenance, software upgrades or "the unknown"? I developed this plan for "the unknown" and hope that it helps you as well. This article explains how to properly shut down …
Via a live example, show how to extract information from SQL Server on Database, Connection and Server properties
Via a live example, show how to setup several different housekeeping processes for a SQL Server.

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question