current community

your communities

more stack exchange communities

Stack Exchange
tour help
careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 1 down vote favorite

We would like to give users of our system the opportunity to drag some of the data from a database into Excel. (Only reading data, no chance of writing any data back to the DB). The users do not have direct access to the database, so we would have some authentication for them in place. (Firstly to connect to the database, but also secondly to use the security settings of our system, so that user 1 is only allowed to see certain tables.)

I was instructed to begin writing a C# addin for this, but a colleague was instructed to write a VBA macro.

I was thinking of using the Entity Framework to access the data, but I haven't worked with it before. I don't know what they would be using from within the macro, but the macro-manager thinks that I will be killing the network with the heavy data transfer. He also doesn't like the idea that the users have to install the add-in on their computers. However, I have a vague uneasiness regarding macro's and the notion that they're not very secure. How safe are macro's? Are they tweak-safe, or could a knowledgable user change the code?

I would like to know, what are the pro's and con's of each approach and what the general feeling is of people with more experience and knowledge than myself?

With particular regard to matters such as:

  • Information Security (Some tables should not be accessed.)
  • Network traffic
  • Ease of maintenance and future modifications
  • Any other relevant concern that I've missed

Kind regards,

share|improve this question
    
security lies on the server side not vba. you grand access to users on the server side and users only use their credentials to log in to the database via vba. No risk of breaking in... write a macro to login in to db and retrieve recordset and if you still having problem with you 'code' then come back and post here - your question is likely to be closed. –  me how May 15 '13 at 11:10

1 Answer 1

up vote 0 down vote

What I would do in a situation like this is: -Create Views on the database and assign them to a schema. Don't restrict the data, just specify the columns you want them to see, let them filter the data in Excel (assuming it's a massive amount of data returned) -Create an Active Directory Group and give members of it read access to that schema -Use the Excel -> Data -> Connections (It's in Excel 2010, not sure about 2008) to connect worksheets to that View

They can mess away with the data in excel, but it can't be written back to the database. And you can restrict what tables / columns they can see, and do the joins for lookup tables in the View so they don't see the Database Ids.

share|improve this answer
    
Yes, this is a good idea. However, it is not what we are looking for. Our situation is much more complex. Sometimes a certain user should be able to view a certain table, but not all the records in the table. This is accomplished by a stored procedure that checks which records a user can see, but this isn't static, it's not as simple as a once-off check. So I can not create a view for every imaginable scenario that might pop up. The users are not technical, if they were, they could drag data into Excel by themselves (if they had the DB username and password). –  Mikrur May 27 '13 at 5:54

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.