Security of DB Structure

vincentc · October 24th, 2003, 03:39 AM

Two databases have been created in a SQL Server for different depts.
Both departments must not access the database of the other one.
Even the db structure is not allowed.

Both of them have installed the EM.
I find that the function "Generate SQL Script" can generate
the script of databases.
How can I protect the database structures.

Thanks a lot.

sal · October 24th, 2003, 08:27 AM

How are you implementing your security?
Are you using Windows authentication or SQL Server autentication?

I am sure that each department has a group created within windows that you can use for each database. If you add groupA to databaseA only, they will not be able to view anything in databaseB.

How are you accessing the data? Visual Basic, ASP, Access?

Sal

vincentc · October 26th, 2003, 09:37 PM

I use "SQL Server autentication".
User installed Enterprise Manager and
can generate sql script of all DB.

sal · October 27th, 2003, 12:38 AM

As long as you are not giving them the sa username.
You must give them a username that you create for them. I do not recomment SQL Server authentication. Windows Authentication is better, because the users need to be logged into their network and pre-authenticated from windows to get access to SQL Server.

If you create an account for them in SQL Server authentication, make sure that you do not give them access to all databases.

They will ot be able to get access to all databases if you set-up security the right way.

Are both sets of users using the same usermane?

Sal

vincentc · October 27th, 2003, 12:54 AM

They have different usernames and can just access their own db.
However, after they did the "SQL Server Registration" in EM,
they know that there is another db in the SQL Server and
they can generate the other one's db script.

sal · October 27th, 2003, 11:53 AM

You have not set-up security correctly. Do not add DatabaseA users to DatabaseB and do not add DatabaseB users to DatabaseA.

This will keep them from viewing anything in the other database.
Your security is set-up incorrectly!

Sal

vincentc · October 27th, 2003, 10:17 PM

I've re-configure the accounts and it works now.
Thanks a lot.

sal · October 27th, 2003, 10:38 PM

Good to hear that.
Listen, are you using MS Access as a front end? Please let me know, because there are a lot of ways that you can configure security a lot easier with MS Access front ends.
It is best to use Windows Authenthication because users do not have to use a user name and a password (users get tired of entering a password and username)

the reason I use windows authentication is, I will not nescesarily stay with a company forever, and with that security, a user can be trained to manage security when a new user comes into the company or an old user gets the ax.

Also it is a lot more secure because user think of a username and password as THE username for THE database. they share it with anyone and there goes your security.

Yes, I have had impossible users.

Sal