Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Exporting Data 1
- Thread starter drallabs
- Start date
mrdenny
Programmer
- May 27, 2002
- 11,595
If a user has SELECT rights to a table they can export the table. There is no way to block it. To block their ability to export the table you would need to remove the users SELECT rights to the table.
Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)
--Anything is possible. All it takes is a little research. (Me)
![[noevil]](/data/assets/smilies/noevil.gif "[noevil] [noevil]")
Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)
--Anything is possible. All it takes is a little research. (Me)
-
1
- #3
Denny has a point - if they can see the data they can make a copy of it if only by typing it themselves into a spreadsheet.
However, you can make it more diffcult for them to do this wholesale by limiting all user database access to stored procs only which do not ever under any circumstances use dynamic SQL (which requires you to give rights to the tables themselves). Then you give them the rights only to the stored procs and not the base tables. This way they can only do what the stored proc specifies and nothing else. At least nothing directly to the data.
If you are a shop with legal requirements that the data is private or if you have confidentiality issues with the data then you need to do this and have every employee sign a paper that tells them that they acknoledge the data is private (and/or corporate property) and is not to be used outside the existing database or taken off site or put into another database or used for private purposes or sold, etc. A lawyer should write this agreement. You should also consider if the dat should be encrypted in the the database and only decrypted by the GUI. One of the most common ways that data is stolen is from the backup tapes which are usually unencrypted. If the data itself is encrypted then even if it stolen, it won't be directly legible.
Questions about posting. See faq183-874
However, you can make it more diffcult for them to do this wholesale by limiting all user database access to stored procs only which do not ever under any circumstances use dynamic SQL (which requires you to give rights to the tables themselves). Then you give them the rights only to the stored procs and not the base tables. This way they can only do what the stored proc specifies and nothing else. At least nothing directly to the data.
If you are a shop with legal requirements that the data is private or if you have confidentiality issues with the data then you need to do this and have every employee sign a paper that tells them that they acknoledge the data is private (and/or corporate property) and is not to be used outside the existing database or taken off site or put into another database or used for private purposes or sold, etc. A lawyer should write this agreement. You should also consider if the dat should be encrypted in the the database and only decrypted by the GUI. One of the most common ways that data is stolen is from the backup tapes which are usually unencrypted. If the data itself is encrypted then even if it stolen, it won't be directly legible.
Questions about posting. See faq183-874
- Thread starter
- #4
I have a question about yoru first comment "Denny has a point - if they can see the data they can make a copy of it if only by typing it themselves into a spreadsheet." I dont understand you are saying here. Are you saying the only way a user who has Select privileges can copy a table is to manually re-type it?
mrdenny
Programmer
- May 27, 2002
- 11,595
If you have select access to the table the user can access the table and copy the data in other method which they please. BCP, QA, EM, Excel, Access, Word, Screenshot, Outlook, copy paste, etc.
Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)
--Anything is possible. All it takes is a little research. (Me)
Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)
--Anything is possible. All it takes is a little research. (Me)
What we are saying is that you can make it harder for them to steal the data but as long as they can see it they can steal it some way.
But if you follow my suggestions, the users will not have direct access to the tables thus making it more difficult to create an unauthorized copy.
But to cover yourself, you should have each person who sees the sign off on a form that states that the data is for business purposes only and copies are not to be made and data is not to be used at home or some other off-site location. MAke sure it states that failure to follow these rules is grounds for dismissal. Get a lawyer to write the document if you want it to stand uo in court.
Questions about posting. See faq183-874
But if you follow my suggestions, the users will not have direct access to the tables thus making it more difficult to create an unauthorized copy.
But to cover yourself, you should have each person who sees the sign off on a form that states that the data is for business purposes only and copies are not to be made and data is not to be used at home or some other off-site location. MAke sure it states that failure to follow these rules is grounds for dismissal. Get a lawyer to write the document if you want it to stand uo in court.
Questions about posting. See faq183-874
- Status
Similar threads