Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
gudmojo
Starting Member
3 Posts |
 Posted - 2006-09-18 : 09:52:02
|
| HiIs it possible to configure user accounts or roles in sql server, so that they can NOT connect (with ODBC) from a specific ip address/machine?Reason: There is a small group of machines on our intranet where certain high privilege users should only be able to connect with their less privileged user name.(3rd party windows application accesses database, and privileges in application are tied to user accounts in the database.) |
|
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2006-09-18 : 09:53:49
|
| I think this will be better solved using AD groups and proper authorization to the database instead.I do not know how 3rd party application accesses the database. Maybe you will have to set a firewall rule?Peter LarssonHelsingborg, Sweden |
 |
|
|
khtan
In (Som, Ni, Yak)
17689 Posts |
Posted - 2006-09-18 : 09:57:00
|
if the user access control is not possible, the only other way that i can think of is using firewall to restrict access to the SQL Server TCP port
KH |
|
|
|
gudmojo
Starting Member
3 Posts |
Posted - 2006-09-18 : 10:45:04
|
| Thanks, no luck yet. The user accounts only exist as database users, not in AD, and it can not be based on windows/AD logins. I doubt TCP/firewall restrictions can inspect who the database user is.But thanks. |
|
|
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2006-09-18 : 11:25:55
|
| No, they can't. But they can filter out which IP's that are allowed to talk to the SQL Server.Peter LarssonHelsingborg, Sweden |
|
|
|
gudmojo
Starting Member
3 Posts |
Posted - 2006-09-18 : 14:10:27
|
| True.It's a messy situation. I need to block the connection only if it is a certain database user account AND a certain ip-address range. When the same person uses his less privileged database user account, he should get in.I'm about to accept defeat, but if anybody knows about a feature in SQL Server to do this, please point me to it.Thanks all! |
|
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2006-09-18 : 14:21:37
|
| There is nothing in SQL Server that can do this for you. We use Active Directory to handle situations like this.Tara Kizer |
|
|
|
|
|
|
|
|
IP Restriction