04-17-2012 10:32 AM
We have some account visibility requirements which are somewhat complex. Using the sync rules for remote users, we are able to send the remotes only accounts to which they should have access. That works well. All of our network users should see all accounts, so that is also good.
The problem is that there is nothing to prevent a remote user from creating a new data link and connecting to our network database and gaining access to all accounts. (All accounts are owned by the same team and all users belong to that team.)
Sure would be nice to have a check-box in the admin for "Remote Only", but that doesn't exist. What is the next easiest way to prevent users from connecting to the network database?
Solved! Go to Solution.
04-17-2012 10:42 AM
I'm not a network guy, but what I was thinking was maybe locking down the SLX Server so that only folks that belong to a specific Active Directory group would be able to connect? Not sure how the SLX connectors work with AD...??
04-17-2012 11:33 AM
One approach would be to create a quick vbScript and add it to the Database OnOpen event that compares the user type of the current user and the database type of the database they are connecting to. If they are a Remote user and the DB Type = 01, close the application programatically and popup a message box indicating they need to use their remote db.
04-17-2012 01:08 PM
Actually, DBOpen is not a reliable event... it is really "DBopening........ sometime soon.."
You want to hook into the Global Event Handlers (Global Scripts) and use Application_LogonComplete..
04-17-2012 01:09 PM
Just read the SystemInfo table on an "Application Logon Complete " in a Global (event handler) script?. If the user is a remote and the SYSTEMINFO.DBTYPE is NOT a remote db (type), then pop a message.. app quit.
Const MainDB = 1
Const RemoteDB = 2
Const REmoteOfficeDB = 3
We have developed a "user tracking/logon/off" app that can handle this for you as well as do version checking (to the build level) of the client app.. prevent login? record a "failed" attempt if they try to bypass?
You can also block access to the Library and Attachment(s) Shares to only those users who authenticate in the (Windows) Domain to prevent unauth logins? BUT if the remote(s) are using Windows Domain Authentication.. this will not work.