Remove access to see database object.

On Dec 9, 6:37 pm, "bass_player"
wrote:
> Give the user granular permissions on a per object basis. This would limit
> the objects from seeing other ones that he/she oes not have permissions
> over.  The only problem I see here is when you have a lot of objects in your
> database
>
> "MariaGuzman" wrote in message
>
>
>
>
>
> > Is there is a way I can restrict a user to see the database objects when
> > is using an application that is not authorized. For example, excel, or
> > sql tools.
>
> > this user is not an it user.
>
> > thanks a lot for your help.
>
> > *** Sent via Developersdexhttp://www.developersdex.com***- Hide quoted text -
>
> - Show quoted text -

we just started using logon triggers a few months ago. anyone using MS
Access, SQL Tools and one or two other apps with a few SQL user ID's
won't be allowed to log on. an error message pops up saying logon was
denied to trigger execution.

i can send you the code if you want, just email me.

Just make sure you test this in QA or some testing environment first.
it took us a few times to get the trigger right and we locked out a
few test servers by accident in the meantime and had to use the DAC's
to get in and disable or delete the trigger.
 >> Stay informed about: Remove access to see database object. 

MariaGuzman ( ) writes:
> Is there is a way I can restrict a user to see the database objects when
> is using an application that is not authorized. For example, excel, or
> sql tools.
>
> this user is not an it user.

There is no way you can assign permissions per applications. Yes, you
can set up a logon trigger that checks the application name, but that
can easily be forged.

If you only want users to be able to access data through your application,
you need to design or set up the application to cater for that.



--
Erland Sommarskog, SQL Server MVP, esquel.DeleteThis@sommarskog.se

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
SQL 2000: http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
 >> Stay informed about: Remove access to see database object. 

Thanks for the clarification, Erland. I was thinking she was referring to
simply object access and overlooked the "application is not authorized"

"Erland Sommarskog" wrote in message

> MariaGuzman ( ) writes:
>> Is there is a way I can restrict a user to see the database objects when
>> is using an application that is not authorized. For example, excel, or
>> sql tools.
>>
>> this user is not an it user.
>
> There is no way you can assign permissions per applications. Yes, you
> can set up a logon trigger that checks the application name, but that
> can easily be forged.
>
> If you only want users to be able to access data through your application,
> you need to design or set up the application to cater for that.
>
>
>
> --
> Erland Sommarskog, SQL Server MVP, esquel RemoveThis @sommarskog.se
>
> Links for SQL Server Books Online:
> SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
> SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
> SQL 2000:
> http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
>
 >> Stay informed about: Remove access to see database object.