sql server misc: What is the accounting app?

Some apps (Great Plains for example) use application based encryption on the
user passwords. If you set the password within the app, it encrypts it
BEFORE it sends it over to SQL, so the account only works from within the
app. If the user tries to connect to SQL directly, the passwords won't
match and he won't be able to get in.

[quoted text, click to view]

Late one night, you could try putting triggers like the following on all of
your tables:

create trigger triud_MyTable on MyTable after insert, update, delete
as
if @@rowcount = 0
return

if (app_name() <> 'TheAccountingApp' and current_user = 'TheIdiot')
rollback tran
go


Make sure you don't make him a member of db_owner.

--
Tom

---------------------------------------------------------------
Thomas A. Moreau, BSc, PhD, MCSE, MCDBA
SQL Server MVP
Columnist, SQL Server Professional
Toronto, ON Canada
www.pinnaclepublishing.com/sql


[quoted text, click to view]
The bosses son-in-law is hacking around and "Trying" things :(

Is there any ideas on allowing SQL access when he is inside our accounting
application....

But limiting access when he is "Trying" things from outside the acct app?

Profile everything and make sure he logs in using his own account. After
you restore the backup, you should be able to have him escorted out the
door.

--
Geoff N. Hiten
Microsoft SQL Server MVP
Senior Database Administrator
Careerbuilder.com


[quoted text, click to view]

The bosses son-in-law is hacking around and "Trying" things :(

Is there any ideas on allowing SQL access when he is inside our accounting
application....

But limiting access when he is "Trying" things from outside the acct app?

[quoted text, click to view]

1) Have you tried a frank talk with him and his father in law
explaining why this is not a good idea? The boss should be fully
aware of actions which could compromise the business.

2) Why does he have access to the native data? Views should provide
him all the data he needs while maintaining security.

try the first method, just slap a trigger on the table so it drops the
table when hes messing about... less extreme stick a waitfor 10 mins