|
Subject:
|
Security of DB Structure
|
|
Posted By:
|
vincentc
|
Post Date:
|
10/24/2003 3:39:35 AM
|
Two databases have been created in a SQL Server for different depts.
Both departments must not access the database of the other one.
Even the db structure is not allowed.
Both of them have installed the EM.
I find that the function "Generate SQL Script" can generate
the script of databases.
How can I protect the database structures.
Thanks a lot.
|
|
Reply By:
|
sal
|
Reply Date:
|
10/24/2003 8:27:54 AM
|
How are you implementing your security?
Are you using Windows authentication or SQL Server autentication?
I am sure that each department has a group created within windows that you can use for each database. If you add groupA to databaseA only, they will not be able to view anything in databaseB.
How are you accessing the data? Visual Basic, ASP, Access?
Sal
|
|
Reply By:
|
vincentc
|
Reply Date:
|
10/26/2003 8:37:03 PM
|
I use "SQL Server autentication".
User installed Enterprise Manager and
can generate sql script of all DB.
|
|
Reply By:
|
sal
|
Reply Date:
|
10/26/2003 11:38:10 PM
|
As long as you are not giving them the sa username.
You must give them a username that you create for them. I do not recomment SQL Server authentication. Windows Authentication is better, because the users need to be logged into their network and pre-authenticated from windows to get access to SQL Server.
If you create an account for them in SQL Server authentication, make sure that you do not give them access to all databases.
They will ot be able to get access to all databases if you set-up security the right way.
Are both sets of users using the same usermane?
Sal
|
|
Reply By:
|
vincentc
|
Reply Date:
|
10/26/2003 11:54:48 PM
|
They have different usernames and can just access their own db.
However, after they did the "SQL Server Registration" in EM,
they know that there is another db in the SQL Server and
they can generate the other one's db script.
|
|
Reply By:
|
sal
|
Reply Date:
|
10/27/2003 10:53:54 AM
|
You have not set-up security correctly. Do not add DatabaseA users to DatabaseB and do not add DatabaseB users to DatabaseA.
This will keep them from viewing anything in the other database.
Your security is set-up incorrectly!
Sal
|
|
Reply By:
|
vincentc
|
Reply Date:
|
10/27/2003 9:17:26 PM
|
I've re-configure the accounts and it works now.
Thanks a lot.
|
|
Reply By:
|
sal
|
Reply Date:
|
10/27/2003 9:38:11 PM
|
Good to hear that.
Listen, are you using MS Access as a front end? Please let me know, because there are a lot of ways that you can configure security a lot easier with MS Access front ends.
It is best to use Windows Authenthication because users do not have to use a user name and a password (users get tired of entering a password and username)
the reason I use windows authentication is, I will not nescesarily stay with a company forever, and with that security, a user can be trained to manage security when a new user comes into the company or an old user gets the ax.
Also it is a lot more secure because user think of a username and password as THE username for THE database. they share it with anyone and there goes your security.
Yes, I have had impossible users.
Sal
|
