enabling EM for a single account (disabling for t

Question

enabling EM for a single account (disabling for t

yogiberr

Hall of Fame

Points: 3679
More actions
September 8, 2003 at 7:49 am

#83164

Hi,
I have SQLServer installed on a machine as a “local System Account”
I do not really want the users to be able to see any of the tables or sprocs etc.So, I thought that the best way to do this would be to disable Enterprise manager, ie
(the only access that I want them to have is thru my application.)
Is there any way that I can set up a single login account that can open up EM, (for me), and disable it for all the other logins?
Any advice much appreciated.
yogiberr

Viewing 7 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic. Login to reply

Andy Warren SSC Guru Points: 119902 More actions · Answer 1

Nope, best you can do is limit what they can do with the tool (which happens automatically based on whatever login they use).

Andy

http://www.sqlservercentral.com/columnists/awarren/

Andy
SQLAndy - My Blog!
Connect with me on LinkedIn
Follow me on Twitter

yogiberr Hall of Fame Points: 3679 More actions · Answer 2

Hi Andy,

Thanks for the reply.

That's a bit of a bummer.I've been prowling for an article that focuses on setting up logins with minimal permissions , a sort of best practices..

has anyone found anything like this?

I'd be keen to hear.

many thanks.

yogiberr

Andy Warren SSC Guru Points: 119902 More actions · Answer 3

Not a simple problem. I basically try to gate all access through stored procs and I typically build the apps to use a sql login for the connection (hidden from the user). I've got a couple articles posted on sql logins, Brian Kelley has a bunch on security including a recent one on application roles.

Andy

http://www.sqlservercentral.com/columnists/awarren/

Andy
SQLAndy - My Blog!
Connect with me on LinkedIn
Follow me on Twitter

yogiberr Hall of Fame Points: 3679 More actions · Answer 4

yogiberr

Hall of Fame

Points: 3679

September 8, 2003 at 3:04 pm

#473116

thanks bud,

i'll have a look.

cheers,

yogiberr

K. Brian Kelley SSC Guru Points: 114642 More actions · Answer 5

quote:
I do not really want the users to be able to see any of the tables or sprocs etc.So, I thought that the best way to do this would be to disable Enterprise manager, ie
(the only access that I want them to have is thru my application.)
Is there any way that I can set up a single login account that can open up EM, (for me), and disable it for all the other logins?

Unfortunately, users can also gain access to this information using Query Analyzer, MS Access, or anything else they can make a connection to SQL Server with. The problem has to do with the permissions given to the public role. I'll be writing an article at some point that details what you can revoke from the public role and what the consequences are.

K. Brian Kelley

http://www.truthsolutions.com/

Author: Start to Finish Guide to SQL Server Performance Monitoring

http://www.netimpress.com/

K. Brian Kelley
@kbriankelley

yogiberr Hall of Fame Points: 3679 More actions · Answer 6

yogiberr

Hall of Fame

Points: 3679

September 12, 2003 at 8:23 am

#473943

Great,

Looking forward to it.

Cheers,

yogi