I am creating a Home windows application which will not in favor of a SQL 2008 database. A few of the table information is very sensitive but a lot of our customers will still need a minimum of read otherwise read/write use of individuals tables. We are likely to use Home windows Security to manage their accessibility database.
I wish to determine if individuals same customers can access the information in individuals tables through something similar to Stand out or MS Access? It comes down to obstructing a poor apple from attempting to steal the information inside and walking served by it. Should they have read accessibility data, though, can there be any real method to stop them?
Sorry if this sounds like a SQL Server 101 question, but I am not finding good solutions towards the question.
Should they have to possess read access, then you definitely should virtually assume they are able to do what they need using the data. Should you render data on screen, you need to assume someone can write lower the things they see having a paper and pencil.
With nevertheless, I'd produce a service account which has permissions to gain access to SQL Server out of your application. Control the access inside your application via roles. Don't grant any customers use of your database directly - they need to undergo your application.
By trying to spread out Access or Stand out and point it for your SQL Server database, they will not have permission to complete anything.
A great way to do this can be to author saved methods that fulfill all your needs and grant all of the customers execute only rights.
Should you grant full read use of your customers, then yes its likely to be hard to prevent them from what your speaking about.
As pointed out by others, you may create a SQL take into account the application. This can disallow any outdoors access from anything apart from the application itself. Obviously, this indicates use of the application itself would need to be restricted. This is easily accomplished by restricting read accessibility executable for an active directory group which consists of customers whom get access. Further to that particular, you application could also use active directory hooks to find out whether or not to allow write access for individuals customers who require it.
That being stated though.... your greatest problem would be the physical security. If only one user within the authenticated group is untrustworthy, a certain acceptable usage policy, HR worker screening, and user atmosphere constraints should be in position. An effective workstation deployment policy may also be good here, permitting you to definitely restrict detachable drive usage, logging all access, connectivity particulars and so forth.
It's much more about the operational atmosphere at this time if you cannot trust the consumer.
Customers could access SQL tables using linked table in Access or exterior data query in Stand out, nevertheless the permissions are controlled through the SQL server, meaning the customers read-access, they'll have the ability to access data in read-only mode.