How to disable SQL Server Management Studio for a user

Question

Is there a way to prevent users from getting into SQL Server Management Studio so that they can\'t just edit table rows manually? They still need to access the tables by ru

Answer 1

Make well usage of Database Roles, if Users should only have SELECT (read) access assign them the db_datareader Role. Even if they login using SSMS they will can execute only SELECT statements.

Answer 2

I would suggest you lock down the database and give appropriate read-only (or other) rights to the user. That way the user can still use management studio to run select queries and such.

If you don't want the user to have any rights at all then you could do that as well.

Answer 3

You DO NOT need to worry about them having access to the tool. Simply make sure they do not know any of the SQL logins for the specific Databases that have read/write permissions, if they do, change the password. If they have access to the DB via Windows Authentication, make sure that they are in a datareader role. You can use roles to manage what the users can do in SQL.

Answer 4

An Application Role will allow you to secure database objects to your application instead of the logged on user.

Answer 5

If your application only used stored procedures to modify the data, you could give the end users access to run the stored procs, but deny them access to modify the tables.

Answer 6

I agree with Jon Erickson as a general rule

• do not allow any users access to the tables, but only allow access through stored procs
• do not allow general user accounts access to stored procs, but only the account your app runs under (whether it's an integrated login or SQL login)