Securing SQL Server tables Linked via Access

[Dike]

Hello,
We are currently live with a CRM solution (Siebel) that uses SQL Server 6.5 as the back end. All is fine and dandy, except I have some reservations about security.
Quite simply, it is possible for anyone to open up MS Access and link to any of the SQL Server database tables via the ODBC DSN used by the Siebel front end. This DSN is necessary for Siebel to function.
I am bit worried that someone (out of incompetence or spite) might do just that and cause some serious damage. Its probably technically beyond the large proportion of our users (especially those that could make mistakes!), but I can't get the nagging fear out of my head.
Does anyone know of anyway to combat this problem? I have scoured the web, including this site, and cant seem to get any information on this.
Thanks and Regards
Dike

[Craig]

How is the DSN connecting? Trusted? Standard? What userid if standard, SA? Need more information......


------------
Dike at 6/7/00 1:29:40 PM

Hello,
We are currently live with a CRM solution (Siebel) that uses SQL Server 6.5 as the back end. All is fine and dandy, except I have some reservations about security.
Quite simply, it is possible for anyone to open up MS Access and link to any of the SQL Server database tables via the ODBC DSN used by the Siebel front end. This DSN is necessary for Siebel to function.
I am bit worried that someone (out of incompetence or spite) might do just that and cause some serious damage. Its probably technically beyond the large proportion of our users (especially those that could make mistakes!), but I can't get the nagging fear out of my head.
Does anyone know of anyway to combat this problem? I have scoured the web, including this site, and cant seem to get any information on this.
Thanks and Regards
Dike

[DIke]

The DNS is being connected to in the standard way (i.e. its not a trusted connection). The userid and password can be any login name and password that have been set up against the SQL Server "siebel" database, and also sa. There is a group called SSE_ROLE that is set up automatatically when the proprietary siebel database scripts are run, and the users are all members of this group.
The SSE_ROLE group has sufficient rights to alter data in the siebel database, which is fine, however this also means that when someones links to a database table via access, they have the same rights, which is what I am trying to avoid.
I have heard of some kind of encryption tool which transforms a normal looking password into an encrypted version at the database end, would this be the sort of thing I am looking for?

thanks a lot for your interest Craig!


------------
Craig at 6/7/00 2:02:08 PM

How is the DSN connecting? Trusted? Standard? What userid if standard, SA? Need more information......


------------
Dike at 6/7/00 1:29:40 PM

Hello,
We are currently live with a CRM solution (Siebel) that uses SQL Server 6.5 as the back end. All is fine and dandy, except I have some reservations about security.
Quite simply, it is possible for anyone to open up MS Access and link to any of the SQL Server database tables via the ODBC DSN used by the Siebel front end. This DSN is necessary for Siebel to function.
I am bit worried that someone (out of incompetence or spite) might do just that and cause some serious damage. Its probably technically beyond the large proportion of our users (especially those that could make mistakes!), but I can't get the nagging fear out of my head.
Does anyone know of anyway to combat this problem? I have scoured the web, including this site, and cant seem to get any information on this.
Thanks and Regards
Dike