4

Can I restrict access to a specific database on my SQL Server 2008 database based on client IP address? If so, how do I do it? There are multiple databases on this server so we can't block access to the SERVER based on the IP, just a specific DATABASE.

Holger Brandt
  • 4,324
  • 1
  • 20
  • 35
Scott
  • 149
  • 2
  • 9
  • 5
    SQL Server doesn't have any means to do this --> you'll have to use your network infrastructure (firewalls, routers etc.) to achieve this. – marc_s Aug 10 '12 at 14:12
  • 1
    see http://stackoverflow.com/questions/7127602/restrict-sql-server-connection-to-specific-ip-address – stb Aug 10 '12 at 14:12

3 Answers3

2

You absolutely cannot do this at database granularity. You are talking about detecting things like queries using three part names ([banned_db].[dbo].[table]) and synonyms referencing the protected DB while using an unprotected DB. There just isn't any framework in place to do such. You must rely on access security (GRANT/DENY/REVOKE). At best, do what gbn suggests and separate the protected DB into it's own instance and then use Firewall rules to protect its ports.

Remus Rusanu
  • 288,378
  • 40
  • 442
  • 569
1

Personally, I'd use security to do this. Limit access via permissions not via IP.

If you really do need IP address security (eg for banking Secrecy Jurisdictions like Switzerland or Singapore), then use separate servers

gbn
  • 422,506
  • 82
  • 585
  • 676
1

There is currently no way to limit access to a specific database based on the network segment you are coming from. I can see the need for this to limit access to a production DB from a stage server. I guess this is why there is the need to build different SQL servers for each environment.

I believe you can limit SQL access by application http://msdn.microsoft.com/en-us/library/bb669062.aspx

Chris Auer
  • 1,405
  • 12
  • 23