Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Change DB security roles based on connecting Application 1

Status
Not open for further replies.
monkeylizard

monkeylizard

MIS
Nov 15, 2000
322
US
Assume the following:
SQL Server 2000.
Application AppX uses SQL security (not Active Directory).
UserBob is a valid AppX user and is allowed to make changes to data using AppX.
AppX uses a SQL database named DataBaseX.

Scenario 1
UserBob opens AppX, which makes an ODBC connection to DatabaseX using SQL security with UserBob's login ID and password. SQL Server knows that AppX is the connecting application.

Scenario 2
UserBob opens Microsoft Access, and makes a connection to DatabaseX. SQL Server knows that MS Access is the connecting application.

Question
Can UserBob's security profile change on the fly based on the connecting application? In Scenario 1, he's allowed to have change access to all of the tables and execute access to the stored procedures. Internal application profiles in AppX control what UserBob can and can not change. In Scenario 2, he should only have Read access to the tables, and no access to the stored procedures.

Similarly, what if I wanted UserJane to only be able to connect using AppX and not allow any other applications to connect using her SQL account. Is that possible?

Monkeylizard
Sometimes just a few hours of trial and error debugging can save minutes of reading manuals.
 
Sort by date Sort by votes
Sort of. Assign Bobs account the rights that it would need when he connects via Access, Excel, etc. Have your application activate an Application Role after connecting. This would remove his user rights, and give him the rights which have been assigned to his application role.

There's no way to do this automatically.

Denny
MVP
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / SQL 2005 BI / SQL 2008 DBA / SQL 2008 DBD / SQL 2008 BI / MWSS 3.0: Configuration / MOSS 2007: Configuration)
MCITP (SQL 2005 DBA / SQL 2008 DBA / SQL 2005 DBD / SQL 2008 DBD / SQL 2005 BI / SQL 2008 BI)

My Blog
 
Upvote 0 Downvote
So the application role has to be activated by the connecting application?

Monkeylizard
Sometimes just a few hours of trial and error debugging can save minutes of reading manuals.
 
Upvote 0 Downvote
Nevermind. I Googled my own question. It makes sense now. Thanks Denny.

Monkeylizard
Sometimes just a few hours of trial and error debugging can save minutes of reading manuals.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

TheBugSlayer
  • Locked
  • Question
High Availability - insert fails on primary replica but runs on secondary after failover.
Replies
0
Views
169
TheBugSlayer
TheBugSlayer
DougNaf
  • Locked
  • Question
SQL 2016 - DB attachment and error 3415
Replies
1
Views
159
fredericofonseca
fredericofonseca
JScannell
  • Locked
  • Question
SQL login on Classic ASP localhost site
Replies
0
Views
170
JScannell
JScannell
intel233
  • Locked
  • Question
Backup/Restore DB from SQL issues
Replies
2
Views
104
intel233
intel233
Farrukh hameed
  • Locked
  • Helpful tip
Single Connection string control multiple database connection on case condtion
Replies
1
Views
161
fredericofonseca
fredericofonseca

Part and Inventory Search

Sponsor

Back
Top