purplesoup
asked on
Restricting access to Ole Automation Procedures in SQL Server
The 'Ole Automation Procedures' setting in SQL Server can be very useful but it also regarded as a security risk - is it possible to place any restrictions on this setting, as far as I can tell it is either on or off for the whole server for all users? Is it possible to restrict it in some way for example only being allowed on certain databases or for certain users?
One option I had thought of was turning it on a different server and linking to that server to the main server - if placing restrictions on the main server isn't possible does this sound like it would be a feasible option?
One option I had thought of was turning it on a different server and linking to that server to the main server - if placing restrictions on the main server isn't possible does this sound like it would be a feasible option?
ASKER
Perhaps you could expand a little more on why it might be wrong in principle to turn it on for any SQL Server - I assumed it might be an issue on a server with business data, but a server whose only function is to allow Ole Automation, with no other use - is that genuinely still an issue?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
you are correct it is binary either on or off and not per user
One option I had thought of was turning it on a different server and linking to that server to the main server - if placing restrictions on the main server isn't possible does this sound like it would be a feasible option?
you are only moving the problem and not addressing it.. if you don't need ole automation disable it. to enable it will then need management approval