发表新帖
发表新帖

How to disable SQL Server Management Studio for a user

前端 未结
关注
11 2060
梦毁少年i
梦毁少年i 2021-01-02 13:49

Is there a way to prevent users from getting into SQL Server Management Studio so that they can\'t just edit table rows manually? They still need to access the tables by ru

相关标签:
11条回答
  • 灰色年华
    2021-01-02 14:49

    You can deny 'Users' access rights to the ssms.exe executable file, while granting the relevant users/administrators rights to it.

    0 讨论(0)
  • 失恋的感觉
    2021-01-02 14:50

    You can use the DENY VIEW ANY DATABASE command for the particular user(s). This is a new feature available in SQL Server 2008.

    It prevents the user from seeing the system catalog (sys.databases, sys.sysdatabases, etc.) and therefore makes the DB invisible to them in SQL Management Studio (SSMS).

    Run this command from the Master Database:

    DENY VIEW ANY DATABASE TO 'loginName'

    The user is still able to access the database through your application. However, if they log in through SSMS, your database will not show up in the list of databases and if they open a query window, your database will not appear in the dropdown.

    However, this is not fool-proof. If the user is smart enough to run the Query Command:

    USE <YourDatabaseName>

    Then they will see the database in the Query Analyzer.

    Since this solution is taking you 90% there, I would give the database some obscure name not let the users know the name of the database.

    0 讨论(0)
  • 野性不改
    2021-01-02 14:50

    If your application is running as a service/user account then only that account requires access to the database. The individual users' account do not require any access to the database and therefore they won't even have read access. Your app will be the gateway to the data.

    If the users are running the application under their user accounts then grant them read-only permission. You can simply add them to the db_datareader role.

    Hope this helps!

    0 讨论(0)
  • 再見小時候
    2021-01-02 14:52

    You can use a trigger.

    CREATE TRIGGER [TR_LOGON_APP]
ON ALL SERVER 
FOR LOGON
AS
BEGIN

   DECLARE @program_name nvarchar(128)
   DECLARE @host_name nvarchar(128)

   SELECT @program_name = program_name, 
      @host_name = host_name
   FROM sys.dm_exec_sessions AS c
   WHERE c.session_id = @@spid


   IF ORIGINAL_LOGIN() IN('YOUR_APP_LOGIN_NAME') 
      AND @program_name LIKE '%Management%Studio%' 
   BEGIN
      RAISERROR('This login is for application use only.',16,1)
      ROLLBACK;
   END
END;

    https://www.sqlservercentral.com/Forums/1236514/How-to-prevent-user-login-to-SQL-Management-Studio-#bm1236562

    0 讨论(0)
  • 野的像风
    2021-01-02 14:54
    • Don't let them know what the database login is.
    • If you can't restrict the login, use stored procedures exclusively for updates and disable any CREATE,DELETE,INSERT, or UPDATE permissions for that user.
    0 讨论(0)
 看不清?
提交回复
热议问题