Hi,

I'm using SQL Server 2008 (without application server or anything).

The number of users can be up to 1000. Windows Authentication is used.

The question is:

How to handle modes, so

  1. some users will be allowed to work in read-only mode

  2. some users won't have access to db for some time

My versions:

  1. Using a table with a mode id for every group of users, that will work the same way. On Form Load application will query that table for mode id.

  2. Using a trigger on the tables that must work according to that mode. The trigger will query the mode value and doesn't work if access is closed or it's in read-only mode

I know these are not the best solutions, that's why I'm asking for your advice.

There's one more point.

If the mode is changed to "access-is-closed" for a group of users, that group must not be able to query the DB starting from that moment.

With the first solution I wrote, it won't work, because the user can be in the application at that moment and no form load event will work. How can I do this?

Is there any optimal solution?

Thank you. Any help would be appreciated.

A: 

It depends somewhat on how your Access app interacts with the server, but for number 1 why not just use the built-in Role/User permissions system in SQL Server?

For number 2, as you're using Windows Authentication you can restrict logon hours in Active Directory on a per-account/OU basis; this should prevent them from logging on to SQL Server.

You could also do it via Logon Triggers which would not also prevent access to other domain resources.

Alex K.
How it interacts? What do you mean? Application opens a connection on log in and keeps it open. What else do you need to know? For number 1, we're going to use SQL users, but it's not so easy. There're more than 20 small or large applications that need to be changed and 1000 users that need to be created with their roles and everything. For number 2, we don't need to restrict logon hours. It's like someone presses a button and at that moment access is closed for all users. It's not a specific time. Logon Trigger is very interesting, but if I got it right, it logs out from Windows, not DB.
hgulyan
2. You can deny a SQL authenticated logon with a logon trigger to prevent the user logging on to the db, for example; http://social.msdn.microsoft.com/Forums/en-US/sqlsecurity/thread/08e49a1a-8c5b-43c8-83ef-edb661d19602
Alex K.
Is it easy to add or remove logon trigger from app?
hgulyan
and what should I do with users, that are already logged in?
hgulyan
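
The logon-trigger approach suggested in the answer, combined with the mode table from the question, as an added example that is not part of the original thread. The table `dbo.AccessMode`, its columns, the trigger name and the group name `Accounting` are hypothetical. A logon trigger only refuses new connections, so the final query lists sessions that were already open when the mode was switched.

```sql
-- Added example for SQL Server 2008; all object names are hypothetical.
USE master;
GO
-- One row per Windows login; group_name lets an admin flip a whole group at once.
CREATE TABLE dbo.AccessMode (
    login_name sysname NOT NULL PRIMARY KEY,   -- e.g. N'CONTOSO\alice' (constructed)
    group_name sysname NOT NULL,
    is_closed  bit     NOT NULL DEFAULT 0
);
GO
-- The trigger runs in the security context of the connecting login,
-- so every login must be able to read the table or the trigger itself fails.
GRANT SELECT ON dbo.AccessMode TO public;
GO
CREATE TRIGGER trg_deny_closed_logins
ON ALL SERVER
FOR LOGON
AS
BEGIN
    -- Never lock out sysadmins: a broken or over-broad logon trigger blocks
    -- every login and then has to be dropped over the DAC (sqlcmd -A).
    IF IS_SRVROLEMEMBER('sysadmin') = 1
        RETURN;

    IF EXISTS (SELECT 1
               FROM master.dbo.AccessMode
               WHERE login_name = ORIGINAL_LOGIN()
                 AND is_closed = 1)
        ROLLBACK;   -- rolling back inside a logon trigger refuses the connection
END;
GO
-- "Someone presses a button": close access for one group.
UPDATE dbo.AccessMode SET is_closed = 1 WHERE group_name = N'Accounting';
GO
-- Sessions opened before the switch are not affected by the trigger.
-- List them; an administrator can end each one with KILL <session_id>.
SELECT s.session_id, s.original_login_name, s.host_name, s.program_name
FROM sys.dm_exec_sessions AS s
JOIN master.dbo.AccessMode AS m
  ON m.login_name = s.original_login_name
WHERE m.is_closed = 1
  AND s.is_user_process = 1;
```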