"Kavita" <ka******@yahoo.com> wrote in message
news:b1**************************@posting.google.c om...
Hello All
I am using SQL server 2000 as the backend of my application but don't
want my clients tobe able to view or edit the database tables, stored
procedures , view etc using enterprise manager or query analyser (or
similar tools)How can this be done ?
I searched a lot for this but unable to get the correct answer is
there anybody to give full solution regarding this.
Please relpy me as early as possible
Here are several things you can look at:
1. Do not give the users permission to create procedures, views etc.
2. Use application roles (see sp_setapprole in Books Online)
3. Only allow access to data through stored procedures, and only grant
EXECUTE permissions on the procedures instead of granting permissions on the
tables (this may not be 100% possible if you require dynamic SQL, however)
4. Code your application to set the application name when it connects, then
use APP_NAME() in stored procedures to check the user is using an
'authorized' application (this is easy to fake, though, so it will only stop
an accidental or 'casual' attempt to connect)
5. Use a middle tier to authenticate users and manage connections instead of
allowing them to connect directly to the database server
Simon