October 11, 2005 at 3:22 pm
Is there a way of restricting signon to a server so that it only comes from one of an approved list of machines? The situation is that users have an icon to click to connect to the dev database and one to connect to prod, and occasionally they click the wrong one. We need to only allow production access if it comes from one of a list of approved production machines. This is easy to do in Oracle (via listener configuration), does anyone know of anything similar in the SQL Server universe?
The simple approach is to only give the users the one appropriate icon, but in theory they could run a program and connect to the database without the icon. And the best practice approach is of course not to have dev and prod in the same domain and cluster, but I have inherited this situation and in the short term am looking for a work round, while getting development moved to an appropriate location in the longer term.
October 12, 2005 at 12:01 am
Sounds like a good case for seperate windows security groups (e.g. development_users & production_users or some such)? Users can be members of one group, both groups or neither group...
Or is there a reason that a security group would not work in your situation?
Joe
October 12, 2005 at 1:12 am
Different security groups would definately be the best way to go.
Other than that, you can lock down a NIC with IP Sec to prevent unwanted traffic from accessing the box.
Julian Kuiters
juliankuiters.id.au
October 12, 2005 at 2:53 am
You can't unfortunately do it in SQL - get your firewall guru to set up appropriate rules to control access to the Prod servers.
October 16, 2005 at 8:49 pm
Thanks to all for replying, I've forwarded suggestions to the support team who were asking.
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply