Author |
Topic |
jen
Master Smack Fu Yak Hacker
4110 Posts |
Posted - 2004-07-23 : 04:23:49
|
Hi, does anyone know how to restrict data import and export to specific users/servers only? Or is there a way to prevent import and export of data even if the user has an account on a database?thanks in advance |
|
Kristen
Test
22859 Posts |
Posted - 2004-07-23 : 05:43:06
|
Do you mean using DTS, or by setting permissions on a table to DENY access to given users "period"?Kristen |
|
|
jen
Master Smack Fu Yak Hacker
4110 Posts |
Posted - 2004-07-26 : 01:58:30
|
I mean the DTS wizard . I want to restrict my users from using the wizard without having to deny them the "comfort" of the enterprise manager. quote: Originally posted by Kristen Do you mean using DTS, or by setting permissions on a table to DENY access to given users "period"?Kristen
|
|
|
Kristen
Test
22859 Posts |
Posted - 2004-07-26 : 02:02:29
|
Uninstall the DTS app. maybe? Can't think of anything elseKristen |
|
|
jen
Master Smack Fu Yak Hacker
4110 Posts |
Posted - 2004-07-26 : 02:33:43
|
I was afraid someone would answer that quote: Originally posted by Kristen Uninstall the DTS app. maybe? Can't think of anything elseKristen
|
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2004-07-26 : 12:23:08
|
Well you can't uninstall DTS. It comes with the SQL Client Tools. To answer your question, no you can't prevent someone from using it if they've got the proper permissions on the objects already.Tara |
|
|
jen
Master Smack Fu Yak Hacker
4110 Posts |
Posted - 2004-07-26 : 22:57:18
|
Probably you have a better idea of what I want to do. There are basic permissions set to users, but if they start exporting the data, then I need something to prevent them from doing so. Importing to the server is easy to manage but exporting from this server to an unknown target is pretty much difficult unless if there's something that will prevent this from happenning or atleast managing to a certain level (like an audit trail for those who used the dts, getting the ip address of the target, account used, how much of the data was transferred, etc).Any idea is good idea.quote: Originally posted by tduggan Well you can't uninstall DTS. It comes with the SQL Client Tools. To answer your question, no you can't prevent someone from using it if they've got the proper permissions on the objects already.Tara
|
|
|
derrickleggett
Pointy Haired Yak DBA
4184 Posts |
Posted - 2004-07-26 : 23:34:31
|
If you need this level of security, you need to redesign your permission schema.1. Users have EXEC permissions on procedures ONLY.2. The public group is restricted to a bare minimum of what it needs.If you do this, it won't matter if they have access to DTS. There won't be anything they can see with it.MeanOldDBAderrickleggett@hotmail.comWhen life gives you a lemon, fire the DBA. |
|
|
jen
Master Smack Fu Yak Hacker
4110 Posts |
Posted - 2004-07-27 : 00:44:38
|
Thanks for the replies guys, I am still hoping there is some other way aside from redesigning.I actually did this to one server and the reactions were not pretty good. Developers were breathing down my neck, but ofcourse i'm the dba. They coped up, but i'm not planning to do this on the other servers unless there is still another way.quote: Originally posted by derrickleggett If you need this level of security, you need to redesign your permission schema.1. Users have EXEC permissions on procedures ONLY.2. The public group is restricted to a bare minimum of what it needs.If you do this, it won't matter if they have access to DTS. There won't be anything they can see with it.MeanOldDBAderrickleggett@hotmail.comWhen life gives you a lemon, fire the DBA.
|
|
|
derrickleggett
Pointy Haired Yak DBA
4184 Posts |
Posted - 2004-07-27 : 00:45:58
|
There is no other way. You need to setup the security right. Either that, or uninstall the client tools from there machines, which is much more likely to make them angry. Fixing security is the right way to fix it.MeanOldDBAderrickleggett@hotmail.comWhen life gives you a lemon, fire the DBA. |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2004-07-27 : 12:19:37
|
Is this in a production environment or just in dev? In dev, developers should have access to the tables which means that they would be able to import data using DTS or any other tool. If production, well developers shouldn't have access except through the app which should only have access to stored procs as Derrick mentioned.Tara |
|
|
jen
Master Smack Fu Yak Hacker
4110 Posts |
Posted - 2004-08-23 : 07:30:21
|
thanks for the info everyone... |
|
|
|