I have a third-party application that connects to a SQL Server database via a SQL Server Native Client 10 ODBC data source. The application requires that each user of the application must have read/write/execute access on the database.
My concern is that this allows each user to connect directly to the database (using Microsoft Excel, SSMS or any other database connection tool) and change or view the data in any way they care to without the controls, restrictions or auditing enforced by the application.
I cannot change the requirement for each user to have access to the database (at least not without paying for the application to be re-written somehow!) but I was wondering if there was a way to restrict access so that those users can only connect to the database via the server where the application is hosted, or via that one specific ODBC data source, or when the connection is set up by that specific application?
I suspect that I know the answer as I haven't been able to find anything, but I wanted to throw the question out there before I gave up on this.
Thanks,
Paul.
