QBO3 supports the ability to run ad-hoc queries against the QBO database. Ad-hoc queries can be dangerous; just ask little Bobby Tables. In order to minimize the risks associated with ad-hoc queries, the following security constraints are in place: - The user must be part of a role that has RoleAdHoc permissions
- There must be a dedicated connection string that ad-hoc queries will be run under
- by default, this connection string must be named 'qbo.AdHoc'
- this may be overridden at a Role or Person level by defining a SystemDefault called AdHocConnection
- The dedicated connection string should be configured to use a SQL account with minimal privileges, specifically
- GRANT SELECT ON {user tables}
- Do not GRANT SELECT ON ConfigurationEntry
- Do not GRANT CREATE, GRANT DROP, or GRANT ALTER
- Do not GRANT DELETE, GRANT UPDATE, or GRANT INSERT
|