tags:

views:

60

answers:

2
+1  Q: 

Security model (deployment) for MS Access application with SQL Server Backend

We have an application, consisting of an MS Access frontend (2007, mdb format), a few .net libraries and an SQL Server (2008) backend. I am working on an installer, which automatically installs the MS Access Runtime, our application, our libraries, SQL Server Express and configures everything.

Clearly, the MS Access application and the libraries (running in a normal, non-admin user context) need access to the SQL Server database. What is the best way to grant access to the application?

This is what I came up with. Unfortunately, all of these seem to have drawbacks:

  • SQL Server Compact Edition: Does not support views.

  • Application Roles: This seems to be best practice. However, it requires executing a stored procedure before accessing the database (I cannot pass the app credentials in the connection string). Thus, I cannot use this to attach the SQL Server tables as a linked tables in the Access MDB, which is a requirement of our Access application.

  • SQL Server User Instance: To quote from MSDN: "This feature will be removed in a future version of Microsoft SQL Server. Avoid using this feature in new development work..."

  • SQL Authentication: Microsoft says: "When possible, use Windows Authentication."

  • Using Windows authentication and granting BUILTIN\USERS full access: This is by far the easiest solution, but somehow it "seems wrong" to do that...

The application is targeted at a non-technical audience, so asking the user to configure permissions is not an option.

EDIT: Some clarification: It's a "local" application, i.e., the SQL Server is located on the same machine as the application; SQL Server access from the network is neither necessary nor desired. The software (a regular business application for managing stocks, invoices, etc.) will be available to download for free, so it should run in a variety of environments (domain/non-domain, different operating systems, etc.), and IT knowledge should not be required to install it -- apart from the usual "click on setup.exe, confirm UAC prompt, acknowledge the installation directory, etc.". I expect the most common scenarios to be "Windows XP, local admin user" and "Windows Vista/7, local admin user with UAC enabled". Since we want to follow good practices, running the application should not require "Run as Administrator" in the latter case.

+1  A: 

@Heinzi write:

Using Windows authentication and granting BUILTIN\USERS full access: This is by far the easiest solution, but somehow it "seems wrong" to do that...

The usual approach here is to add a custom user group (e.g., "db-users") and put the users in that group. That way you can control exactly who is allowed access.

David-W-Fenton  2010-01-18 20:50:34
Thanks for your input. Indeed, that's the solution I'd choose as a system administrator. The problem is that the software should be a downloadable end-user product, i.e. the target group includes people who have no idea what a "user group" is...
Heinzi  2010-01-18 20:59:57
In that case, SQL Server authentication and SQL Server roles seem to me to be the way to go, no?
David-W-Fenton  2010-01-19 20:25:56
Yes, that will probably be it. I was just wondering if there's anything wrong with this approach, since I had the feeling that SQL authentication is considered a bit "outdated" nowadays.
Heinzi  2010-01-20 21:16:03
I find Windows authentication a lot easier, but in your distribution scenario, you have different considerations, so I don't think it's inappropriate.
David-W-Fenton  2010-01-21 04:48:34
+1  A: 

How about:

  • Use an Access ADP project, pre-configured to connect to the locally installed SQL Server instance.
  • Connect using BuiltIn\Users group (or SQL authentication) but grant only the bare minimum credentials. Enough to logon and ...
  • Call sp_setappprole to "elevate" the client connection to your defined application role's identity.
voon  2010-01-20 07:25:06
Yep, that's definitely the way to go if we used ADPs instead of MDBs. Unfortunately, ADP projects are not an option, since our code requires some of the mdb features, such as local querydefs. As Microsoft recommends *not* using ADPs but MDBs or ACCDBs with linked tables (quote: "The preferred way to connect to SQL Server is MDB file format or ACCDB file format.", http://technet.microsoft.com/en-us/library/cc178973.aspx), I don't think that we will migrate our application to an ADP project.
Heinzi  2010-01-20 08:05:26
What are you using local Querydefs for that ADPs can't support?Wow, its a huge shame that Microsoft is seemingly downplaying ADPs. IMO, its is the ideal development technology for most workgroup sized applications...
voon  2010-01-20 08:38:42
Well, I guess the application could be rewritten into an ADP (querydefs are used mostly as adaptable report sources), but the querydef thing is just one of the issues. We tried ADP some years ago and I don't remember all the details, but the conclusion was that an awful lot of legacy code would need to be rewritten. Thus, it is not an option at the moment.
Heinzi  2010-01-20 21:10:33
Yeah, I was about to suggest various ways of working around the lack of querydefs. But now I see there's a dependency on legacy code that would require alot of re-work to use in ADPs. Oh well...
voon  2010-01-21 06:23:02
Even without legacy code, ADPs were always a moving target. Each version had its own set of gotchas, and they changed from version to version (A2002 fixed bugs in A2000 ADPs, but introduced its own, and then A2003 reverted some of the fixed bugs while introducing its own). ADPs were simply a failed idea that were probably a waste of time from the beginning. Conceptually it might have worked, but never reached that "version 3" completeness that MS is renowned for.
David-W-Fenton  2010-01-21 20:00:56

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?