Sybase NNTP forums - End Of Life (EOL)

The NNTP forums from Sybase - forums.sybase.com - are now closed.

All new questions should be directed to the appropriate forum at the SAP Community Network (SCN).

Individual products have links to the respective forums on SCN, or you can go to SCN and search for your product in the search box (upper right corner) to find your specific developer center.

How to restrict DBA access to local only

3 posts in General Discussion Last posting was on 2003-10-08 12:22:35.0Z
Mousa Shaya Posted on 2003-10-07 21:16:20.0Z
From: "Mousa Shaya" <NOSPAM_Mousa.Shaya@nokia.com>
Newsgroups: ianywhere.public.general
Subject: How to restrict DBA access to local only
Lines: 11
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Original-NNTP-Posting-Host: esnat01x.nokia.com
Message-ID: <3f832deb@forums-2-dub>
X-Original-Trace: 7 Oct 2003 14:19:39 -0700, esnat01x.nokia.com
X-Original-NNTP-Posting-Host: forums-2-dub.sybase.com
X-Original-Trace: 7 Oct 2003 14:10:50 -0700, forums-2-dub.sybase.com
NNTP-Posting-Host: forums-master.sybase.com
X-Original-NNTP-Posting-Host: forums-master.sybase.com
Date: 7 Oct 2003 14:16:20 -0700
X-Trace: forums-1-dub 1065561380 10.22.108.75 (7 Oct 2003 14:16:20 -0700)
X-Original-Trace: 7 Oct 2003 14:16:20 -0700, forums-master.sybase.com
X-Authenticated-User: ngsysop
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:1832
Article PK: 17395

Sybase Adaptive Server Anywhere Network Server Version 8.0.2.3601

Is there anyway for us to prevent any DBA account logins from occcurring
remotely.
This is for enshuring secuirty, I don't want any remote dba access to the
db. I would like to enforce DBA access to be only on the local mchine.

Thanks
Mousa Shaya


Breck Carter [TeamSybase] Posted on 2003-10-07 22:57:23.0Z
From: "Breck Carter [TeamSybase]" <NOSPAM__bcarter@risingroad.com>
Newsgroups: ianywhere.public.general
Subject: Re: How to restrict DBA access to local only
Organization: RisingRoad Professional Services
Reply-To: NOSPAM__bcarter@risingroad.com
Message-ID: <lrg6ovs65io63lffdn4pl0378qqkk62kh5@4ax.com>
References: <3f832deb@forums-2-dub>
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Original-NNTP-Posting-Host: bcarter.sentex.ca
X-Original-Trace: 7 Oct 2003 16:00:41 -0700, bcarter.sentex.ca
Lines: 24
X-Original-NNTP-Posting-Host: forums-2-dub.sybase.com
X-Original-Trace: 7 Oct 2003 15:51:52 -0700, forums-2-dub.sybase.com
NNTP-Posting-Host: forums-master.sybase.com
X-Original-NNTP-Posting-Host: forums-master.sybase.com
Date: 7 Oct 2003 15:57:23 -0700
X-Trace: forums-1-dub 1065567443 10.22.108.75 (7 Oct 2003 15:57:23 -0700)
X-Original-Trace: 7 Oct 2003 15:57:23 -0700, forums-master.sybase.com
X-Authenticated-User: ngsysop
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:1833
Article PK: 17364

You might be able to do something interesting in a connection event,
determine where the connection is coming from and suppress it if it is
remote.

Breck

On 7 Oct 2003 14:16:20 -0700, "Mousa Shaya"

<NOSPAM_Mousa.Shaya@nokia.com> wrote:

>Sybase Adaptive Server Anywhere Network Server Version 8.0.2.3601
>
>Is there anyway for us to prevent any DBA account logins from occcurring
>remotely.
>This is for enshuring secuirty, I don't want any remote dba access to the
>db. I would like to enforce DBA access to be only on the local mchine.
>
>Thanks
>Mousa Shaya
>

--
bcarter@risingroad.com
Mobile and Distributed Enterprise Database Applications
www.risingroad.com


"Bruce Hay" Posted on 2003-10-08 12:22:35.0Z
From: "Bruce Hay" <hay at sybase dot com>
Newsgroups: ianywhere.public.general
References: <3f832deb@forums-2-dub>
Subject: Re: How to restrict DBA access to local only
Lines: 24
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
NNTP-Posting-Host: hay-xp.sybase.com
X-Original-NNTP-Posting-Host: hay-xp.sybase.com
Message-ID: <3f84018b$1@forums-1-dub>
Date: 8 Oct 2003 05:22:35 -0700
X-Trace: forums-1-dub 1065615755 172.31.142.57 (8 Oct 2003 05:22:35 -0700)
X-Original-Trace: 8 Oct 2003 05:22:35 -0700, hay-xp.sybase.com
X-Authenticated-User: techsupp
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:1836
Article PK: 17412

The place to check this is in the login procedure (see Login_procedure
option). Check for connection_property('CommLink') = 'local'. You will also
need to query SYSUSERPERM (or SYSUSERAUTH) to see if the connecting user has
DBA authority. If it is a DBA and the connection is not local, use SIGNAL or
RAISERROR to report an error and fail the connection.

Whitepapers, TechDocs, bug fixes are all available through the iAnywhere
Developer Community at http://www.ianywhere.com/developer

"Mousa Shaya" <NOSPAM_Mousa.Shaya@nokia.com> wrote in message
news:3f832deb@forums-2-dub...
> Sybase Adaptive Server Anywhere Network Server Version 8.0.2.3601
>
> Is there anyway for us to prevent any DBA account logins from occcurring
> remotely.
> This is for enshuring secuirty, I don't want any remote dba access to the
> db. I would like to enforce DBA access to be only on the local mchine.
>
> Thanks
> Mousa Shaya
>
>