Use Trusted Connection-Crystal ODBC Connection

I setup a ODBC connection for Crystal reports, however  when opening a report 
or refreshing a report,  I get the SQL Server Login in window,  asking for a 
login ID and password.

There is also a check box for 'Use Trusted Connection'  and if the user 
checks this box,  the login ID and password grays out and they have access 
any of the Dynamics SQL tables.

Basically someone can build any payroll report they want... and bypass all 
security by checking one simple box

Does anyone know how to disable this check box?
-- 
Doug
0
Doug4515 (774)
10/8/2007 9:59:02 PM
greatplains 29623 articles. 6 followers. Follow

4 Replies
3814 Views

Similar Articles

[PageSpeed] 10

Doug,

It won't be quite that easy.  The reason this works for you is because I 
suspect you are the administrator.  The Trusted Connection works for you 
because you are likely admin on the SQL Server and therefore admin of SQL. 
Joe user isn't SQL Admin on the server and almost for sure doesn't have a 
login using their windows credentials and so if that user would do this then 
that login will fail.  No login, no data.

Also they can't type in their use/password into this login box to use their 
GP user login because of the encrypted password in GP.  The only password 
that is not encrypted would be sa which shouldn't be known to those other 
users.

Now if they DO have a windows authentication to your SQL Server then you're 
right.  You'd have to make sure that windows user doesn't have access to 
sensitive tables in Dynamics then.

patrick
developer support

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.


"Doug" <Doug@discussions.microsoft.com> wrote in message 
news:EE67BFBF-A23C-451A-911E-2DD49FE43BB2@microsoft.com...
>I setup a ODBC connection for Crystal reports, however  when opening a 
>report
> or refreshing a report,  I get the SQL Server Login in window,  asking for 
> a
> login ID and password.
>
> There is also a check box for 'Use Trusted Connection'  and if the user
> checks this box,  the login ID and password grays out and they have access
> any of the Dynamics SQL tables.
>
> Basically someone can build any payroll report they want... and bypass all
> security by checking one simple box
>
> Does anyone know how to disable this check box?
> -- 
> Doug 


0
prot1 (1345)
10/9/2007 2:25:47 AM
When you say 'I am the administrator' do you mean my network username is an 
administrator?

When you say 'likely admin on the SQL server',  is that again my network 
logon name?

How do I deny a windows user access to SQL tables?  I think what you are 
saying is all windows users with admin rights,  are able to use the trusted 
connection checkbox?

thanks
-- 
Doug


"Patrick [MSFT]" wrote:

> Doug,
> 
> It won't be quite that easy.  The reason this works for you is because I 
> suspect you are the administrator.  The Trusted Connection works for you 
> because you are likely admin on the SQL Server and therefore admin of SQL. 
> Joe user isn't SQL Admin on the server and almost for sure doesn't have a 
> login using their windows credentials and so if that user would do this then 
> that login will fail.  No login, no data.
> 
> Also they can't type in their use/password into this login box to use their 
> GP user login because of the encrypted password in GP.  The only password 
> that is not encrypted would be sa which shouldn't be known to those other 
> users.
> 
> Now if they DO have a windows authentication to your SQL Server then you're 
> right.  You'd have to make sure that windows user doesn't have access to 
> sensitive tables in Dynamics then.
> 
> patrick
> developer support
> 
> -- 
> This posting is provided "AS IS" with no warranties, and confers no rights.
> 
> 
> "Doug" <Doug@discussions.microsoft.com> wrote in message 
> news:EE67BFBF-A23C-451A-911E-2DD49FE43BB2@microsoft.com...
> >I setup a ODBC connection for Crystal reports, however  when opening a 
> >report
> > or refreshing a report,  I get the SQL Server Login in window,  asking for 
> > a
> > login ID and password.
> >
> > There is also a check box for 'Use Trusted Connection'  and if the user
> > checks this box,  the login ID and password grays out and they have access
> > any of the Dynamics SQL tables.
> >
> > Basically someone can build any payroll report they want... and bypass all
> > security by checking one simple box
> >
> > Does anyone know how to disable this check box?
> > -- 
> > Doug 
> 
> 
> 
0
Doug4515 (774)
10/9/2007 1:41:02 PM
If you give them Crystal Reports and a Id to log on then they will have 
access to all the tables.   There are a number of ways to restrict this but 
the easiest is create a new SQL Id and give access to either tables or views 
in which you want access.  Also if users have access to FRx and you give them 
Crystal they will have access to your whole database.    Great Plains 
encrypts the SQL password but you have to unencrypt them to use them for FRx 
and Crystal.   

Note I could be wrong about FRx as I quit using it year ago but that is 
historically the way it has been.

"Doug" wrote:

> When you say 'I am the administrator' do you mean my network username is an 
> administrator?
> 
> When you say 'likely admin on the SQL server',  is that again my network 
> logon name?
> 
> How do I deny a windows user access to SQL tables?  I think what you are 
> saying is all windows users with admin rights,  are able to use the trusted 
> connection checkbox?
> 
> thanks
> -- 
> Doug
> 
> 
> "Patrick [MSFT]" wrote:
> 
> > Doug,
> > 
> > It won't be quite that easy.  The reason this works for you is because I 
> > suspect you are the administrator.  The Trusted Connection works for you 
> > because you are likely admin on the SQL Server and therefore admin of SQL. 
> > Joe user isn't SQL Admin on the server and almost for sure doesn't have a 
> > login using their windows credentials and so if that user would do this then 
> > that login will fail.  No login, no data.
> > 
> > Also they can't type in their use/password into this login box to use their 
> > GP user login because of the encrypted password in GP.  The only password 
> > that is not encrypted would be sa which shouldn't be known to those other 
> > users.
> > 
> > Now if they DO have a windows authentication to your SQL Server then you're 
> > right.  You'd have to make sure that windows user doesn't have access to 
> > sensitive tables in Dynamics then.
> > 
> > patrick
> > developer support
> > 
> > -- 
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> > 
> > 
> > "Doug" <Doug@discussions.microsoft.com> wrote in message 
> > news:EE67BFBF-A23C-451A-911E-2DD49FE43BB2@microsoft.com...
> > >I setup a ODBC connection for Crystal reports, however  when opening a 
> > >report
> > > or refreshing a report,  I get the SQL Server Login in window,  asking for 
> > > a
> > > login ID and password.
> > >
> > > There is also a check box for 'Use Trusted Connection'  and if the user
> > > checks this box,  the login ID and password grays out and they have access
> > > any of the Dynamics SQL tables.
> > >
> > > Basically someone can build any payroll report they want... and bypass all
> > > security by checking one simple box
> > >
> > > Does anyone know how to disable this check box?
> > > -- 
> > > Doug 
> > 
> > 
> > 
0
JimHummer (81)
10/18/2007 5:21:01 AM
We do have a SQL ID (KMM) that has access to only some of the SQL tables that 
users use to access Crystal report (this is the username for the ODBC 
connection).  TThis KMM username for example can not see the payroll tables, 
(does not have access to them in SQL)

However,  in the password window of crystal,  there is a 'Use trusted 
Connection' check box,  that if this KMM user checks,  all tables are again 
visible.

Do I need to remove the windows logon from access to SQL or the SQL server 
or something?

thanks!
-- 
Doug


"Jim Hummer" wrote:

> If you give them Crystal Reports and a Id to log on then they will have 
> access to all the tables.   There are a number of ways to restrict this but 
> the easiest is create a new SQL Id and give access to either tables or views 
> in which you want access.  Also if users have access to FRx and you give them 
> Crystal they will have access to your whole database.    Great Plains 
> encrypts the SQL password but you have to unencrypt them to use them for FRx 
> and Crystal.   
> 
> Note I could be wrong about FRx as I quit using it year ago but that is 
> historically the way it has been.
> 
> "Doug" wrote:
> 
> > When you say 'I am the administrator' do you mean my network username is an 
> > administrator?
> > 
> > When you say 'likely admin on the SQL server',  is that again my network 
> > logon name?
> > 
> > How do I deny a windows user access to SQL tables?  I think what you are 
> > saying is all windows users with admin rights,  are able to use the trusted 
> > connection checkbox?
> > 
> > thanks
> > -- 
> > Doug
> > 
> > 
> > "Patrick [MSFT]" wrote:
> > 
> > > Doug,
> > > 
> > > It won't be quite that easy.  The reason this works for you is because I 
> > > suspect you are the administrator.  The Trusted Connection works for you 
> > > because you are likely admin on the SQL Server and therefore admin of SQL. 
> > > Joe user isn't SQL Admin on the server and almost for sure doesn't have a 
> > > login using their windows credentials and so if that user would do this then 
> > > that login will fail.  No login, no data.
> > > 
> > > Also they can't type in their use/password into this login box to use their 
> > > GP user login because of the encrypted password in GP.  The only password 
> > > that is not encrypted would be sa which shouldn't be known to those other 
> > > users.
> > > 
> > > Now if they DO have a windows authentication to your SQL Server then you're 
> > > right.  You'd have to make sure that windows user doesn't have access to 
> > > sensitive tables in Dynamics then.
> > > 
> > > patrick
> > > developer support
> > > 
> > > -- 
> > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > > 
> > > 
> > > "Doug" <Doug@discussions.microsoft.com> wrote in message 
> > > news:EE67BFBF-A23C-451A-911E-2DD49FE43BB2@microsoft.com...
> > > >I setup a ODBC connection for Crystal reports, however  when opening a 
> > > >report
> > > > or refreshing a report,  I get the SQL Server Login in window,  asking for 
> > > > a
> > > > login ID and password.
> > > >
> > > > There is also a check box for 'Use Trusted Connection'  and if the user
> > > > checks this box,  the login ID and password grays out and they have access
> > > > any of the Dynamics SQL tables.
> > > >
> > > > Basically someone can build any payroll report they want... and bypass all
> > > > security by checking one simple box
> > > >
> > > > Does anyone know how to disable this check box?
> > > > -- 
> > > > Doug 
> > > 
> > > 
> > > 
0
Doug4515 (774)
10/18/2007 2:02:04 PM
Reply:

Similar Artilces:

Using keywords in Rules and Alerts in Outlook
I've created several Rules to move messages that contain keywords into a specified folder. One of our Keywords is "POS" an abbreviation for Point of Service. Unfortunately the rule is moving all messages that have words with pos in them into the folder, like positive, position, post, etc... How can I stop this from happening? Try "POS " or " POS " - otherwise, you'll need to use exceptions - except if posi or post -- Diane Poremsky [MVP - Outlook] Outlook Tips: http://www.outlook-tips.net/ Outlook & Exchange Solutions Center: http:/...

Outlook Connector for Lotus Domino
Anyone have any experience using the Outlook Connector with a Domino server where the client just hangs for 5+ mins while the email and calendar is syncronized? (freezing the whole machine) The LN server sys admin tells me Outlook is opening around 70 connections with the server (which explains the hangind). Are there any know workarounds for this? Or configuration settings? I actived the Logging feature in OL 2003, but haven't been able to decipher anything there that points me to an obvious problem. I have installed: XP Pro v2002 with SP2 MS-Office Pro/Outlook 2003 (11.6...

Which Mac Office 2004 licenses have I used?
Hey there - we're struggling with office 2004 at the moment; we must have installed the same license key on more than iMac - can someone tell me how to check which of our 3 licenses we've used? We have a 3 license version, installed twice and they won't let each other run simultaneously (without pulling out one of the network cables that is) Thanks! Alan Melbourne Hiya to change the licence: 1. run the Office Removal tool, you will find it here: Applications/Microsoft Office 2004/Additional Tools/Remove Office/ RemoveOffice 2. When the first screen appear "Welcome to r...

Can i use a MFC control in a non-MFC window ?
Hi, I'd like to use a MFC control in a non-MFC window (for GINA limitations). Is it possible to link this control to my window handle ? The requirement when developping a GINA is that i have to use the DialogBox function provided by the Winlogon, and so, I can't use a pure MFC dialog box without overloading the DoModal function and it's a big mess. For one of my windows i want to use the CListBoxST class found on CodeGuru. So i wanted to create a CListBoxST objet and attach it to my window handle. Is it possible without having to "port" the whole class in Win...

Issue with OL 02 when sharing a connection
Hi I'm sharing an internet connection across a small LAN (using 4 machines with XP Pro) and I'm having an issue sending and receiving email on the three machines that don't have the connection. It's looking for a network password. It wasn't doing this originally but it is now. Is there a way to stop it looking for the network password as it doesn't need to. I'm having no problem with the actual account because I can send and receive on the 1 machine that connects directly. All help would be greatly appreciated M. ...

Microsoft Access - ODBC Drivers error
While a user tries to log, with Internet Explorer, onto a MS ACCESS database application , which uses IIS and Active Server Pages, the following error comes: Microsoft OLE DB Provider for ODBC Drivers error 80040e [Microsoft] [ODBC Microsoft Access Driver] Too many client tasks. Hi, Microsoft Access allows up to 10 concurrent connections of "clients" at a given time. If you know that fewer than 10 connections are being used, then it is necessary to tell Access to close unused connections. Other newsgroup postings suggest: " connections to you database open. Make sure...

Hotmail and MS Exchange using Outlook 2003
I have a client using Outlook 2003 on a Win XP SP2 workstation attached to a SBS 2003 server running Exchange 2003. This client uses Hotmail for his public (external) e-mail, but uses Exchange server to send e-mails to other LAN users within the office. Everything works OK, except that each time he reboots the workstation, Exchange becomes the default e-mail transport. This causes messages sent via Hotmail to fail. We can work around the issue by setting Hotmail to be the default transport after we reboot, but the settings don't persist through a reboot of the workstation. Does any...

How to Control Template Styles when using Word as Email Editor?
I have a "funny" thing going on with Word and Outlook (Version 2003 in both). Configured Word as email editor, sending in "plain text". Worked great. (main purpose is to get Word's writing not formatting features). While writing in Word (nothing to do with Outlook) I changed paragraph format for "normal" style in normal.dot to "6 point after", e.g. 1/2 a line. Didn't like that change to changed it back. to "0" lines after. Ever since that change, when editing email in Outlook, it has 1/2 line spacing after each paragraph. Thi...

using outlook #2
can someone tell me how to start using outlook and how to get it to receive my emails direct into outlook? I don't know what version you are running but try this. Open Outlook and go to the Tools Menu. Select either Services or Accounts and begin to set up your account. You will probably need to add an Address Book, and Personal Folder, and an Email account type. We normally use Internet E-Mail. You will need to configure the account type with name, address, and maikl server info. "Justin-Lost" wrote: > can someone tell me how to start using outlook and how to get it t...

Problems connecting to accounts
I am having problems downloading from most of my accounts. Some work but most do not, there is nothing I can do about this, is there? ...

Printing using MFC ??
Hi, I have some printing related Qs in MFC frame work. 1. How to print big text on multiple pages. My undersatnding is that for every page OnPrint is called, Is this correct ? So OnPrint will be called n number of times ??? 2. How can I put some gaps between text and start the printing on a new page. Reagrds, Harvinder Singh Harvinder Singh, Check out the following link (beware of wrapping): http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vccore98/ht ml/_core_printing.3a_.multipage_documents.asp Johan Rosengren Abstrakt Mekanik AB "harvinder singh&qu...

Send as permissions using exchange 2003
Hi, I have a client who we are trying to configure send as rights for. Basically if i go into user object > exchange advanced > mailbox rghts > advanced > add user > edit permissions I am unable to see the option to send or receive as. I have tried to enable send as on the object using adsiedit but this does not seem to translate to being available in the ADUC If anyone has any ideas please let me know. Matthew As it is, i actually left the permissions applied in adsiedit and after a while it started working. Still strange tht i cannot see the send as rights in ADU...

How to I use ** without Excel thinking I want to type a formula?
I am using Excel (Office 2003) to create a table and I need to use two of these: * to indicate significant results for a research study. How do I tell Excel that I just want to display this symbol after a three digit number without it thinking I want to type a formula? Turn off Lotus transition under tools>options>transition and uncheck transition formula entry Regards, Peo Sjoblom "Buff" wrote: > I am using Excel (Office 2003) to create a table and I need to use two of > these: * to indicate significant results for a research study. How do I tell > Excel th...

@which function to use when
Sir, I have a row in excel with cells containing 88.23, 89.01, 72.39, 54.52 and I want to know which fuction/formula to use for making these as 88.25, 89.00, 72.40, 54.50. Please help. Thanks. On Sat, 9 Jan 2010 01:43:23 +0530, "Sandeep Lohchab" <sandeeplohchab@yahoo.com> wrote: >Sir, I have a row in excel with cells containing 88.23, 89.01, 72.39, >54.52 and I want to know which fuction/formula to use for making these as >88.25, 89.00, 72.40, 54.50. Please help. Thanks. > Try this formula: =MROUND(A1,0.05) Hope this helps / Lars-...

Use of the DSUM function
Who can give me a hand? I am using the function below; so far so good. DAvg("[wng_OPP_SLPK1]";"TBL_Woningen";"[wng_CFT Code] = """ & [pdt_CFT code] & """") Now I need to generate a sum on a field that contains the value "J". How can I change the function: Sum(IIf([TBL_Woningen]![wng_COD_INDCV]="J";1;0)) into a DSum function where the field to sum is wng_COD_INDCV (with the text "J"), the table TBL_Woningen and the criteria [wng_CFT Code] = """ & [pdt_CFT code] & "...

Use values instead of labels on X-axis in Area/Stacked Area Charts
When building a stacked area chart, independent of how the linked cells are formatted, the chart uses the x-axis values as simple text labels. Since my values are not equally spaced, this distorts the plot, and I have not found any method through the help menus to change this formatting. Any help would be greatly appreciated. This technique might give you some ideas: http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=508 - Jon ------- Jon Peltier, Microsoft Excel MVP Tutorials and Custom Solutions http://PeltierTech.com _______ "Ryan" <Ryan@discussions.micr...

webservice and using some kind of response to the client
Hello! When using ASP.NET(aspx page) I can use Respone.Write to send information to the browser.. I know that it would be better to use Windows-application event handle log but just for learning assume that I want to send ex.Message to the browser when an exception occur how can I do that. I tested to use Respone.Write but that was not possible ? [WebMethod] public decimal HowMuchWillItCost(string productName, int howMany) { SqlConnection sqlConn = null; try { ConnectionStringSettings cs = ConfigurationManager.ConnectionStrings["No...

Copy file from one directory to a new directory, using excel spreadsheet as reference for items to be copied
All- I have an excel spreadsheet containing 7509 rows (Products), and I have a directory containing 16,421 image files. The images are all named by the Product Number, which is also a row in my excel spreadsheet. I need to query the excel spreadsheet to get all the product numbers, then check my current directory for a <productNumber>.jpg file. If the file exists, I need to COPY it to a new directy. If it does not exist, I need to write the product number to a text file that I can go over after the fact to obtain the image for the products missing photos. On Dec 17, 9:49...

Directory & Mail Connections
Hi I have exchange 2003 SP1 on a W2K3 SP1. I have 2 remote ofices connected via VPN with DC's on each site. If i connect to exchange with outlook 2003 using outlook /rpcdiag to view the connection status it shows the Mail connections to the exchange box and the Directory connection to teh domain controller as it should. However the Directory connection is to a DC on one of the remote sites which is fine for users on the main site and that remote site but the users on the 3rd site are unable to connect as there is no tunnel for them to connect over. This has occurred recently as bef...

Where to use static constructor and static class
dear friends Can you tell me in which scenario we have to use static class and static constructor? Thanks in advance Ashok kumar wrote: > dear friends > Can you tell me in which scenario we have to use static class and > static constructor? Use a static class when you want to implement functionality that does not require per-instance state (i.e. all consumers of the class can share the state). Use a static constructor when you need to initialize state in a class that is shared by all consumers of the class. Pete ...

Using percentages #2
I am using percentages to calculate a score of 1 - 5 which updates a dashboard. I have an average of multiple scores adding up to 100% or less. I would like to make an input of 0 to remove this column from the average of other scores. example " =average(i7:i16)" if "i8" input is "0", remove "i8" from average "=average(i7,i9:i16)"... Any suggestions, (thanking you in advance) Use your formula like this... =SUM($I$7:$I$16)/(COUNT($I$7:$I$16)-COUNTIF($I$7:$I$16,0)) Just change the cell reference to your desired cell if required. If t...

How do I use vbSendMail with this Project?
I have a VB5 project that has a button that I want to click and have the vbSsendMail form display from which I will send Emails to some customers. ********Sample Code in this VB5 Project below: Option Explicit Private Sub Load() End Sub Private Sub cmdSendEmail_Click() MsgBox "Need code here to ""Send an Email"" using vbSendMail" End Sub Private Sub cmdExit_Click() End End Sub I have downloaded the vbSendmail.dll and registered it on my computer. What code do I need to insert in the project above to make I make it happen? "Denn...

using add query with subform fields
I am trying to run an add query and add data from a running subform into a table. everything is working fine except for the fact that only the first row of data from the subform is being added to the table. is there anyway that I could arrange to have all the rows in the subform added to the table? Thanks in advance "all the rows in the subform" must come from a table or query. Use this as the source for an append query. -- Duane Hookom Microsoft Access MVP If I have helped you, please help me by donating to UCP http://www.access.hookom.net/UCP/Default.htm "ftaghabon...

I used Save instead of Save AS in word 2003
Help i used 'Save' instead of 'Save AS' in word 2003 and have overwritten a complicated document. I know i should have done the save as before i did the changes but that's too late now :( I have done nothing else and the document is still open. Is there any way to recover the original document? -- Sydneysider Probably not, unless you had the option set to automatically create a backup of your file each time you save it and then, only if you have saved the new file with the old name ONLY ONE TIME. -- Hope this helps. Please reply to the newsgro...

Error in VBA connection
hi, i make Recordset with connection to SQL server in VBA and there is error number " -2147467259" raised with desc "Unspecified error" and i don't know how to solve it.also i install SP3 and no use please help thank you ...