make Sql Server database public (allow read and write within network) - sql

How can I modify an Sql Server database properties to make it public so that all users within the network can read and write to it? (they will do so through VBA code)
The method I used until now was granting access from DB Security to the network logins/users.
Desired method: I would like to have the database as public and alter the VBA code so that some actions are allowed/restricted based on network username.

What I would do is retrieve the user_id of the user in VBA with
environ('username')
and access the database via a server script.
Create table where you store the users of your internal network (via Active Directory you could use LDAP, otherwise you store the id's yourself);
Create an Ajax call from VBA to the server script and check if the user exists;
I refer to this answer I formulated before on how to create the Ajax call:
Updating Oracle Table from Excel VBA Macro using ODBC connection
Perform all database transactions from the server script (not from VBA directly to the db). You can send the necessary sql criteria with as GET parameters with the url string (check the link on how to do this via Ajax);
Additionally you can embed an extra security by sending a self created key from the vba tool to the server script (this can be hard coded in the VBA code) and verify this before performing any supplementary actions.
This in order to verify if the VBA tool at the client side should have access to the script.

Related

Microsoft SQL Server connection error with Visual Studio.net (Windows forms)

I've been trying for a while to connect the database to visualstudio.net and it just doesn't work.
First I made the database and made everything I needed there and when I tried connecting it in visual.net through datagridview (trying to get it displayed there) it only gives me access to the "System databases" in which I can't make a database.
After that I decided to make the tables under the "master" database to see if that worked and yeah I can select the database and everything but it says it's empty when I know it's not. It says it has no tables when I've checked multiple times and saw the tables I've created there.
I would appreciate some help to either be able to get for visual to accept a database I make (to be able to automatically detect it once I enter the server name) or to see how can I use the master one properly.
You can add a data source to your project and it will be able to connect to the user databases. Also, it is highly inadvisable to create any user objects in the master database.
master database is a system database and you should not create user objects in the system database. In the connection string, provide the user database name explicitly. If you dont provide the database name, it defaults to master database.
Refer to connection strings for Sql Server for providing the right connection string for SQL Server in .net.

How to read code of trigger which was created with option WITH ENCRYPTION [duplicate]

I created a new stored procedure WITH ENCRYPTION statement, now I want to view its body.
What is the solution?
In case when stored procedure is created with the ENCRYPTED option, SQL Server internally stores the text with the definition of the object in an obfuscated format
The actual definition of an object is stored in system table sys.sysobjvalues which is not directly accessible. By connecting to SQL Server using the Dedicated Administrator Connection (DAC) you can select the imageval column in which the information is stored
If you are not allowed by your company or your client to use third party tools see this post on how to decrypt the encrypted object:
http://www.mssqltips.com/sqlservertip/2964/encrypting-and-decrypting-sql-server-stored-procedures-views-and-userdefined-functions/
However, the easiest way is to use the third party tools
One of them is ApexSQL Complete, a FREE SSMS and VS add-in
In ApexSQL Complete encrypted objects are handled as any other SQL Server object with addition that their DDL script is shown, even if it is encrypted using the Decrypt encrypted objects option
The script of an encrypted object is shown in the inline object details dialog:
Disclaimer: I work for ApexSQL as a Support Engineer
Keep the script around that created the stored proc in the first place.
There's no documented means of retrieving the text of the procedure once it's been created with this option. There are hints in CREATE PROCEDURE, if you're desperate to recover the text:
ENCRYPTION
Indicates that SQL Server will convert the original text of the CREATE PROCEDURE statement to an obfuscated format. The output of the obfuscation is not directly visible in any of the catalog views in SQL Server. Users who have no access to system tables or database files cannot retrieve the obfuscated text. However, the text will be available to privileged users who can either access system tables over the DAC port or directly access database files. Also, users who can attach a debugger to the server process can retrieve the decrypted procedure from memory at runtime.
That is, you'll have to connect using DAC and query undocumented tables - there's certainly no visual option in SSMS.
You can decrypt with tool SQL Compare. You need to create one database to compare sql script. Return result script sql is decrypted. Link soft: http://www.red-gate.com/products/sql-development/sql-compare/

Lock database for other application

I'm using SQL Server 2008 R2, someone is using my database via a macro code in Excel, is there any way to prevent another application (like Excel) to access my database?
If your users are supposed to acces the database (they have login and rights on it) but only with a limited range of software, you have to tell them not to use Excel.
There is a workaround based on an after connect trigger wich check the application_name in session, but its not very effective.
If they do not have to connect directly to the database, you have to delete their logins (or revoke rights) or change password if they shared a common user.
Create a service (e.g.in C#.NET) which will be used to query the database. In programming language like C# you can easily lock the database via "lock" statement.

SSRS Impersonation for Datasource

I am working to deploy a reporting solution using SSRS and PerformancePoint. I have 4 databases I have pull from. 3 I have full control over the other I only have an additional domain account that has access to SQL with read only permissions, this is the only option due to the security agreement for this database.
I cannot for the life of me figure out how to publish a report using the domain account protected data. I have tried every combination of authentication I could find on google for the dataset but it just will not work.
Ideas?
My understanding is that you are not combining data from 4 different servers as your data source in this report, correct?
Then, In ReportManager - go to report properties - i.e. right-click on your report and then left-click on Manage from the dropdown menu. Then choose Data Source tab - it will have the following option:
A custom data source
Data source type: Microsoft SQL Server
Connection string: Data Source=YOUR.SERVER.IP.ADDRESS;Initial Catalog=YOUR_DATABASE_NAME
Then choose: Connect using: Credentials stored securely in the report server
You can enter your domain username and password there: e.g.
User name: SOMEDOMAIN\MyUser.Name
Password: MyPa$$wo%d
Then checkmark: Use as Windows credentials when connecting to the data source
You may need to checkmark this one too: Impersonate the authenticated user after a connection has been made to the data source
This will store your login/password combination securely on the server and will allow the report to connect to your datasource.
You can also do this for a shared datasource.
Otherwise, If you're trying to combine data from your 3 servers and 1 additional where you have read-only access only, I would recommend to:
create a linked server entry on one of your servers pointing to that 1 read-only server, and may be two more for the two other servers
create stored procedures that would provide datasets for your report gathering data from the other 3 servers as needed - this way you'd only need 1 datasource on the reportserver
Does this answer your question?

Building an auditing system; MS Access frontend on SQL Server backend

So basically I'm building an app for my company and it NEEDS to be built using MS Access and it needs to be built on SQL Server.
I've drawn up most of the plans but am having a hard time figuring out a way to handle the auditing system.
Since it is being used internally only and you won't even be able to touch the db from outside the building we are not using a login system as the program will only be used once a user has already logged in to our internal network via Active Directory. Knowing this, we're using a system to detect automatically the name of the Active Directory user and with their permissions in one of the DB tables, deciding what they can or cannot do.
So the actual audit table will have 3 columns (this design may change but for this question it doesn't matter); who (Active Directory User), when (time of addition/deletion/edit), what (what was changed)
My question is how should I be handling this. Ideally I know I should be using a trigger so that it is impossible for the database to be updated without an audit being logged, however I don't know how I could grab the Active Directory User that way. An alternate would be to code it directly into the Access source so that whenever something changes I run an INSERT statement. Obviously that is flawed because if something happens to Access or the database is touched by something else then it will not log the audit.
Any advice, examples or articles that may help me would be greatly appreciated!
Does this work for you?
select user_name(),suser_sname()
Doh! I forgot to escape my code.
Ok, it's working here. I'm seeing my windows credentials when I update my tables. So, I bet we missed a step. Let me put together a 1,2,3 sequence of what I did and maybe we can track down where this is breaking for you.
Create a new MSAccess database (empty)
Click on the tables section
Select external data
Pick ODBC database
Pick Link to the datasource by creating a linked table
Select Machine datasource
Pick New...
System Datasource
Pick SQL Server from the list and click Next, Finish.
Give the new datasource a name and description, and select (local) for the server. Click Next.
Pick "With Windows NT authentication using the network login ID". Click Next.
Check Change the default database to, and pick the DB. Click Next. Click Finish.
Test the datasource.
Pick the table that the Trigger is associated with and click OK.
Open the table in Access and modify one of the entries (the trigger doesn't fire on Insert, just Update)
Select * from your audit table
If you specify SSPI in your connection string to Sql, I think your Windows credentials are provided.
I tried playing with Access a bit to see if I could find a way for you. I think you can specify a new datasource to your SQL table, and select Windows NT Authentication as your connection type.
Sure :)
There should be a section in Access called "External Data" (I'm running a new version of Access, so the menu choice might be different).
Form this there should be an option to specify an ODBC connection.
I get an option to Link to the datasource by creating a linked table.
I then created a Machine datasource. I selected SqlServer from the drop down list. Then when I click Next, I'm prompted for how I want to authenticate.
CREATE TRIGGER testtrigger1
ON testdatatable
AFTER update
AS
BEGIN
INSERT INTO testtable (datecol,usercol1,usercol2) VALUES (getdate(),user_name(),suser_sname());
END
GO
We also have a database system that is used exclusively within the organisation and use Window NT logins. This function returns the current users login name:
CREATE FUNCTION dbo.UserName() RETURNS varchar(50)
AS
BEGIN
RETURN (SELECT nt_username FROM master.dbo.sysprocesses WHERE spid = ##SPID)
END
You can use this function in your triggers.
It should be
select user name(),suser sname()
replace spaces with underscores
you need to connect with integrated security aka trusted connection see (http://www.connectionstrings.com/?carrier=sqlserver)
How many users of the app will there be? Is there possibility of using windows integrated authentication for SQL authentication?
Updated: If you can give each user a SQL login (windows integrated) then you can pickup the logged on user using the SYSTEM_USER function.
My solution would be not to let Access modify the data with linked tables.
I would only create the UI in Access and create an ADO connection to the server using windows authenticated in the connection string. Compile you Access application as dbe to protect the VB code.
I would not issue SQL statement, but I would call stored procedures to perform the changes in the database, and create the audit log entry in an atomic transaction.
The UI (Access) does not need to know the inner works on the server. All it needs to do is request and update/insert/delete using the stored procedures you would create for this purpose. The server should handle the work.
Retrieve a record set with ADO using a view with the hint NOLOCK implemented in the server and cache this data in Access for local display. Or retrieve a single record and lock only that row for editing.
Using linked tables your users will be locking each other.
With ADO connections you will not have the trouble to set ODBCs on every single client.
Create a table to set the server status. You application will check it before any action. you can use it to close the server to the application in case that you need to perform changes or maintenance.
Access is a great tool. But it should only handle its local data and not be allowed to mess with the precious server.