We have applications connected to SQL using windows authentication. While having connection with Application user can also access to Database instance on the same time as well. We need to limit the access of user outside application. How we can limit user to access DB from application but not outside application?
Sql-server – SQL User Security
sql-server-2008
Related Question
- Sql-server – Will SYSTEM_USER return the unique user id for users authenticated by Active Directory
- Sql-server – SQL Server 2008: The login is from an untrusted domain and cannot be used with Windows authentication
- Sql-server – ODBC Data Source SQL Server Connection – Login Failed For User
- Sql-server – write to SQL server from another server
- SQL Server 2008 – Why Different Users from Same Login Group Cannot Access Database Objects?
- SQL Server 2008 – ‘The Computer Must Be Trusted for Delegation’ Error
Best Answer
The first thing that comes to mind is a logon trigger. But that's not really the right answer. The right answer is to give the logins (your Windows users) only the permissions they require. An application is not a security layer and you shouldn't be treating it as such.
In other words, if the users are able to
SELECT
andINSERT
intodbo.Table1
, then they only need those permissions. Don't make them members of thesysadmin
fixed server role in the hopes they only hit the database through the application.