CyberDwarf wrote:
Using Access 2003 ADE with SQL Server (various flavors)

Our Access ADE is locked down, so that users have to enter via the
usual username/password route.
No-one can see the project window (database tables, queries, etc) and
all updating is done through forms.



If a user loads up Excel, he can go Data - Import External Data -
Import Data, whereupon all our backend tables, etc pop alarmingly
into view!!! Aaaaargh

Other developers must have come across this 'feature', so if you have
any suggestions as to plugging the leak I would be very pleased to
hear them.
The only idea so far is to remove the Get External Data option from
Excel

SQL Server tables can be accessed from LOTS of programs just like the tables
from any other database server. That is not a security leak, but rather the
way it is supposed to work. You solve the problem by applying security on
the server. Then people can only see the tables that they have permissions
to.

If your practice has been to leave the tables wide open on the server and
try to control permissions on the application side then that was your
mistake. You can never assume that your program is the only one that will
try to connect to the database.


--
Rick Brandt, Microsoft Access MVP
Email (as appropriate) to...
RBrandt at Hunter dot com