Created
October 25, 2013 14:14
-
-
Save ronmichael/7155306 to your computer and use it in GitHub Desktop.
Apply custom logic to prevent some users from logging into MSSQL by applying a logon trigger. This particular example looks at the user's name as well as IP address.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CREATE TRIGGER [access_trigger] | |
| ON ALL SERVER | |
| with execute as 'sa' -- needed to query sys.dm_exec_connections table | |
| FOR LOGON | |
| AS | |
| BEGIN | |
| if original_login() not in ('superadmin', 'anothersuperadmin', 'mydomain\admin') | |
| and exists ( | |
| select * from sys.dm_exec_connections | |
| where session_id = @@SPID | |
| and client_net_address != '<local machine>' -- allow anyone logging on from local server | |
| and client_net_address not like '102.%' -- allow anyone logging on from 102.x.x.x network | |
| ) rollback; | |
| END | |
| GO | |
| ENABLE TRIGGER [access_trigger] ON ALL SERVER | |
| GO | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment