January 8, 2009 at 12:03 pm
Can you work with the vendor to change the password on the application's login and then not allow anyone else to know the password? Then you could make the other users use Windows Authentication to log in and you can control their rights.
Jack Corbett
Consultant - Straight Path Solutions
January 8, 2009 at 12:08 pm
RBarryYoung (1/8/2009)
Erin: If you take this route, based on the App Name attached to the connection, you should be aware that this is just a barrier, it's not truly secure (because the client code can change the APP_NAME to whatever they want, if they know how).
Don't get me wrong, I think that this is fine for preventing internal users from idly modifying the data. Just be aware that someone who is determined and code-skilled can get around it.
-- RBarryYoung, (302)375-0451 blog: MovingSQL.com, Twitter: @RBarryYoung
Proactive Performance Solutions, Inc. "Performance is our middle name."
January 8, 2009 at 12:22 pm
If they are a member of a group in Windows, then take them off this group; that way they can't log in to SQL. Create an AppUser login with SQL Authentication and just give it the DB_DATAREADER role. If you want to restrict the select too, then create a custom role and select the objects that this role can access.
Thanks!!
The_SQL_DBA
MCTS
"Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives."
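The read-only login and custom role suggested in the post above, written out as T-SQL. This is an added example, not code from any poster in the thread; the database name `SalesDb`, the role name `app_limited_reader`, the tables `dbo.Orders` and `dbo.Customers`, and the password placeholder are assumptions.

```sql
-- Added example. All object names are hypothetical; substitute your own.
USE master;
GO
-- SQL Authentication login for read-only access (placeholder password).
CREATE LOGIN AppUser
    WITH PASSWORD = N'<replace-with-strong-password>',
         CHECK_POLICY = ON;
GO

USE SalesDb;   -- hypothetical application database
GO
CREATE USER AppUser FOR LOGIN AppUser;
GO

-- Option 1: read access to every table and view in the database.
-- (On SQL Server 2012 and later, ALTER ROLE ... ADD MEMBER is the equivalent.)
EXEC sp_addrolemember N'db_datareader', N'AppUser';
GO

-- Option 2: restrict SELECT to chosen objects through a custom role.
-- Use this instead of Option 1, not in addition to it.
EXEC sp_droprolemember N'db_datareader', N'AppUser';
CREATE ROLE app_limited_reader AUTHORIZATION dbo;
GRANT SELECT ON OBJECT::dbo.Orders    TO app_limited_reader;
GRANT SELECT ON OBJECT::dbo.Customers TO app_limited_reader;
EXEC sp_addrolemember N'app_limited_reader', N'AppUser';
GO

-- Check the effective permissions while impersonating the new user.
EXECUTE AS USER = N'AppUser';
SELECT permission_name
FROM   fn_my_permissions(N'dbo.Orders', N'OBJECT');
SELECT HAS_PERMS_BY_NAME(N'dbo.Orders', N'OBJECT', N'UPDATE') AS can_update;
REVERT;
GO
```

These grants only constrain connections made as `AppUser`; a connection that authenticates as `sa` bypasses all permission checks.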
January 8, 2009 at 12:55 pm
The_SQL_DBA (1/8/2009)
If they are a member of a group in Windows, then take them off this group; that way they can't log in to SQL. Create an AppUser login with SQL Authentication and just give it the DB_DATAREADER role. If you want to restrict the select too, then create a custom role and select the objects that this role can access. Thanks!!
They do use Windows to log in to the application. However, after checking the application logs, any updates done through the GUI are actually executed as sa, not the user's account.