I am looking for any information on locking down EM, such as not allowing
access to certain areas (Security Folder, Management, etc), as well as
securing it so that they cannot even see certain DB's in the Databases
Folder. The security would ideally be tied into their SQL acct info, but NT
perms would work as well.
Can anyone provide some good primer info on this topic? Any hints or advice
would be greatly appreciated.
You can't really. There is no real metadata security in SQL2000 so the
obvious example is that a login with access to only 1 database can see all
databases in EM. Just because they can see stuff in EM doesn't mean they can
do anything. What you can do in EM is all controlled by what permissions you
have in SQL but just because they can see an object in EM doesn't mean they
can do anything to it. If a user has access to only one database they can't
do anything in EM other than in that one database.
HTH
Jasper Smith (SQL Server MVP)
http://www.sqldbatips.com
I support PASS - the definitive, global
community for SQL Server professionals -
http://www.sqlpass.org
"Rathael1" <Rathael1@.discussions.microsoft.com> wrote in message
news:FA39C12F-ACF6-4465-B464-3C66A53A65E3@.microsoft.com...
>I am looking for any information on locking down EM, such as not allowing
> access to certain areas (Security Folder, Management, etc), as well as
> securing it so that they cannot even see certain DB's in the Databases
> Folder. The security would ideally be tied into their SQL acct info, but
> NT
> perms would work as well.
> Can anyone provide some good primer info on this topic? Any hints or
> advice
> would be greatly appreciated.
|||That is what I was afraid of, and was pretty much what I have discovered
while researching this on my own. The example you just gave is exactly what
we're trying to prevent.
I am looking at some 3rd party solutions (AppSense, etc) that may help, just
in case anyone is running into anything similar. Also, I thought of creating
a web interface to EM, where we could control and filter the content
programatially, but that would be a fairly more involved solution than
getting something off the shelf.
Thanks for your response...if anyone else has any ideas, I'm all ears!
JD, MCSE, MCDBA
"Jasper Smith" wrote:
> You can't really. There is no real metadata security in SQL2000 so the
> obvious example is that a login with access to only 1 database can see all
> databases in EM. Just because they can see stuff in EM doesn't mean they can
> do anything. What you can do in EM is all controlled by what permissions you
> have in SQL but just because they can see an object in EM doesn't mean they
> can do anything to it. If a user has access to only one database they can't
> do anything in EM other than in that one database.
> --
> HTH
> Jasper Smith (SQL Server MVP)
> http://www.sqldbatips.com
> I support PASS - the definitive, global
> community for SQL Server professionals -
> http://www.sqlpass.org
> "Rathael1" <Rathael1@.discussions.microsoft.com> wrote in message
> news:FA39C12F-ACF6-4465-B464-3C66A53A65E3@.microsoft.com...
>
>
|||What exactly is your concern with the behaviour of EM ? Is this for some
sort of hosting scenario ?
HTH
Jasper Smith (SQL Server MVP)
http://www.sqldbatips.com
I support PASS - the definitive, global
community for SQL Server professionals -
http://www.sqlpass.org
"rathael1" <rathael1@.discussions.microsoft.com> wrote in message
news:04AFBDCC-4D63-4931-973E-2422E4396A30@.microsoft.com...[vbcol=seagreen]
> That is what I was afraid of, and was pretty much what I have discovered
> while researching this on my own. The example you just gave is exactly
> what
> we're trying to prevent.
> I am looking at some 3rd party solutions (AppSense, etc) that may help,
> just
> in case anyone is running into anything similar. Also, I thought of
> creating
> a web interface to EM, where we could control and filter the content
> programatially, but that would be a fairly more involved solution than
> getting something off the shelf.
> Thanks for your response...if anyone else has any ideas, I'm all ears!
> JD, MCSE, MCDBA
> "Jasper Smith" wrote:
|||Have a look at SQL Server Web Data Administrator
http://www.microsoft.com/downloads/d...displaylang=en
This seems to only show databases users have access to. It is extensible and
has documentation on the SqlAdmin class which you can use
HTH
Jasper Smith (SQL Server MVP)
http://www.sqldbatips.com
I support PASS - the definitive, global
community for SQL Server professionals -
http://www.sqlpass.org
"rathael1" <rathael1@.discussions.microsoft.com> wrote in message
news:04AFBDCC-4D63-4931-973E-2422E4396A30@.microsoft.com...[vbcol=seagreen]
> That is what I was afraid of, and was pretty much what I have discovered
> while researching this on my own. The example you just gave is exactly
> what
> we're trying to prevent.
> I am looking at some 3rd party solutions (AppSense, etc) that may help,
> just
> in case anyone is running into anything similar. Also, I thought of
> creating
> a web interface to EM, where we could control and filter the content
> programatially, but that would be a fairly more involved solution than
> getting something off the shelf.
> Thanks for your response...if anyone else has any ideas, I'm all ears!
> JD, MCSE, MCDBA
> "Jasper Smith" wrote:
|||rathael1 typed:
> Also, I
> thought of creating a web interface to EM, where we could control and
> filter the content programatially, but that would be a fairly more
> involved solution than getting something off the shelf.
You should have a look at myLittleAdmin on
http://www.mylittletools.net/mla_sql
Live demo on http://www.mylittletools.net/livedemo/mla_sql
You can also download a lite edition
Hope this helps
Best regards
Elian Chrebor
// myLittleTools.net : web-based applications for ASP developers
// myLittleAdmin spotlight is available on
// http://www.mylittletools.net/spotlight
// webmaster@.mylittletools.net
[vbcol=seagreen]
> Thanks for your response...if anyone else has any ideas, I'm all ears!
> JD, MCSE, MCDBA
> "Jasper Smith" wrote:
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment