Attain with SQL Database - Stopping from Intruders

Dear All, Our Client is presently using Navision 3.6 with SQL Server database. We have a small problem. One of the user developed a VB application and is able to access the Navision/SQL Server Database and delete the data. Using ODBC connection, he is able to do anything.How do we restrict users from accessing the SQL Server Database. This is very urgent requirement. Please help me. Best Regards, Vijay

That user has rights given outside the Navision app. (using ent. Manager). Permissions setup inside Navision only gives the user rights by using the Navision application.

Lars, Thanx for the reply. To access from Navision Front End to SQL Database, all the users are given Public/DBDataReader/DBDataWriter Access. To Access Data from SQL Server all users are given the 3 roles in SQL Server. Remaining roles and security permissions are given at Navision level. If we remove the DBDataReader/DBDataWriter/Public permissions, the users are not able to connect from NAvision Client(front end) and access data. This is a typical problem we are facing. We have 100 users here.How do we control. Thanx in advance. Vijay

(I could be wrong, my info is based on 3.7) Sounds to me you didn’t install the Navision for SQL properly. I think you are missing the special Extended Stored Procedures that come with the CD. With the EX_SP installed, all normal users are only with public access to the SQL DB. i.e. No user should be able to access the SQL DB directly, only the Navision Client.

quote:


Originally posted by b2b_vijay
Lars, Thanx for the reply. To access from Navision Front End to SQL Database, all the users are given Public/DBDataReader/DBDataWriter Access. To Access Data from SQL Server all users are given the 3 roles in SQL Server. Remaining roles and security permissions are given at Navision level. If we remove the DBDataReader/DBDataWriter/Public permissions, the users are not able to connect from NAvision Client(front end) and access data. This is a typical problem we are facing. We have 100 users here.How do we control. Thanx in advance. Vijay


Hai Thanx for the Info… You are right…I tried giving Public access only and users are able to connect only through Navision Client and not from any other ODBC connections. The installation was correctly done. But i have a problem here, i have 100 Users and i am finding an error, randomly not regularly while logging into the system. The error says, the sql error:- password cannot be validated. Login error basically. Immediately, i re-enter my loginid and pwd, i get connection. So how can we avoid this error. IF i give datareader/datawriter access i dont face any login problems. So can you help me. Thanx in advance. Regards, Vijay

That’s more of a network problem. Switch the connection type to namepipe and see if this help.

quote:


Originally posted by b2b_vijay
Hai Thanx for the Info… You are right…I tried giving Public access only and users are able to connect only through Navision Client and not from any other ODBC connections. The installation was correctly done. But i have a problem here, i have 100 Users and i am finding an error, randomly not regularly while logging into the system. The error says, the sql error:- password cannot be validated. Login error basically. Immediately, i re-enter my loginid and pwd, i get connection. So how can we avoid this error. IF i give datareader/datawriter access i dont face any login problems. So can you help me. Thanx in advance. Regards, Vijay


Hai, Thanx for the reply. To be more specific, the Error is — 229,“42000”,[Microsoft][ODBC SQL Server Driver][SQL Server]SELECT Permission denied on Object’Object’,database ‘Databasename’,owner’dbOnwername’. This error i get sometimes, i.e once in a day with some of the users. Thanx in advance. Regards, Vijay