Advice On Security Model For XML Web Services For Many Users In Active Directory Role
Feb 21, 2006
I am working on the security model for an application that will be used by 100s of users with a dedicated SQL 2005 database for this application and access via SQL XML Web Services.
The client has asked to make it "open" during alpha testing such that anyone can access the web services without having to set them up first. Is there a way to do this? The best I can figure is to use mixed mode security and hard code a login and password. Any method using Windows authentication would require that I add every user at a minimum to the database.
In production, all users will have an active directory role specified that determines if they should have access to the web services or not. However, it is my understanding that to use Windows authentication, I would still need to add each individual user at a minimum as a Login to the SQL Server, and under best practices also as database users with permissions granted to the endpoint.
Am I correct in the above, or is there a more efficient way to achieve these results?
Thanks
-L
View 1 Replies
ADVERTISEMENT
Apr 24, 2015
I have more than 3000 Active Directory Users, I have created Role Level Security on one table by using Suser_name(), Now all the active directory users need to connect sql server and access the database role object. How can I achieve that without Using .net?
I am able to add all active directory users to sql server in one go, but I am also trying to achieve same time to map with database role as well? Is it possible ?
View 2 Replies
View Related
Oct 25, 2007
I neet save user login form active direcotry to databases. How I can make that?
View 1 Replies
View Related
Apr 6, 2007
Has anyone used this successfully from an OLEDB source component, or even from the Execute SQL Task? I've seen some examples of using a script component, but nothing that uses it through a connection manager.
View 6 Replies
View Related
Mar 24, 2006
Hi,
I'm trying to extract all the users and their membership to groups, and the membership of groups to groups from active directory though a link to server.
I can get the users. I can get the groups.... individually.
I can't get the info of what user is a member of or who are members of a group.
Anyone know how to do this or am I going to have to right a vb app? (Anyone already got the code...)
I want to load this data into tables for reporting in my Data Warehouse.
Cheers
Chris
View 1 Replies
View Related
Oct 1, 2015
Current: One common SQL login is being used by SQL DBA on all the servers
New Plan: Creating one windows AD group, adding the DBA's to that group and create as a login with sysadmin server access on all the SQL Server boxes
how to achieve this activity. Creating SQL login is fine but how to change the ownership of various objects, jobs to new login on all servers?
View 3 Replies
View Related
Aug 7, 2007
We are using Windows authenication within our system, and I was wondering how it would be possible to determine if the user conected to the SQL SERVER instance was a member of a particular active directory security group?
Thanks.
View 3 Replies
View Related
Aug 28, 2014
I am looking to write a script that would give the list of all active users in a database with their privileges.
Sample would look something like this.
Login User Schema IsdbOwner canWrite canRead
xyz xyz dbo N Y Y
View 2 Replies
View Related
Apr 17, 2008
When we assign security in SRS, in the user name field we have to type the domainusername manually. We cannot see the drop down of all the users in Active directory. Is it possible to configure SRS to get the names from Active directory. If we add any new users to our AD, it automatically refreshes at certain set intervals.
I am talking to a similar function in Sharepoint.
I browsed through a bit on this and think it is not possible. But I want to make sure that I am on the right path.
Can you please correct me if my understanding is right?
I appreciate your help and thank you for your time,
View 3 Replies
View Related
May 23, 2007
I need to add one of our servers to active directory. I found some documents on SQL 2000 but no good document on SQL 2005. Can you please guide me to the documentation for this? Thanks
View 4 Replies
View Related
Nov 21, 2007
I hope someone can help.
I'm working on a web project that will display the reports in an iframe to the user. When I was using windows security It worked perfectly.
Now my boss wants me to use form based authentication instead that can authenticate against our current Active Directory. This is working perfectly and does authenticate correctly. The only problem is that when I load a report in the iframe http://myserver/reportserver/myreport-blah reporting services prompts the user to enter in windows credentials. Is there anyway to pass my form credentials to the report server so that the user doesn't have to log in again.
Both the report server and the web app are on the same server BUT in different virtual directories.
PS: I tried using the reportviewer control but it does not display things correctly. For example, I have use a multi select dropdown on the reports and it messes up the drop down when the user only has 1 selection (hiding the selection). If the user has more than one selection the drop down uses scroll bars. I would use the reportviewer control if it displayed exactly like it does when using alternate URL method.
Any help would be MUCH appreciated!
Thanks!
View 5 Replies
View Related
Jul 24, 2015
We have table where we want to populate the fields from Active Directory using Script Task in ssis 2008 .
CREATE TABLE [ZPTSMGR].[ActiveDirectoryRaw](
[Id] [int] IDENTITY(1,1) NOT NULL,
[LoginName] [nvarchar](50) NULL,
[LastName] [nvarchar](100) NULL,
[MiddleName] [nvarchar](50) NULL,
[FirstName] [nvarchar](100) NULL,
[code]...
View 4 Replies
View Related
Sep 14, 2006
The permissions granted to user 'xxxxyyy' are insufficient for performing this operation. When a user is deleted and then readded to active directory. Reporting services returns the insufficient permissions granted error. In dbo.users in the sql database there are 2 entries for the deleted user one with UserType 0 and another with UserType 1. How do you clean up reporting services or sql to allow the reciently re-added user to re-connect to reporting services. We use the MY-Reports option of reporting services but cannot delete the home directory for this user either in report Mgr. The same error is returned for this action.
View 1 Replies
View Related
Feb 11, 2015
I am running into a weird issue with a new SQL Reporting Services 2014 server I built. I installed SQL Reporting 2014 on Windows Server 2012 R2 and configured Kerberos, but the site is extremely slow. After some reconfiguration and log captures I have determined the issue has to do with the Kerberos setup, however I am running a similar configuration with SQL Reporting Services 2008 on Windows Server 2008 R2 and do not run into the same errors.
The error I see while using Wireshark is KRB Error: KRB5KDC_ERR_BADOPTION NT Status: STATUS_NO_MATCH. When I drill down the into the error I can see the kerberos string is testprjmnmtreports14.company.com, which is the URL we are using to access the site. I made sure to add that name as an SPN for the service account that is running SQL Reporting Services, however I still receive the error.
Then I tried configuring the site to run without a hostheader, so I accessed the site with the server name, ECTSTSQLRS5, and the site works perfectly fine, no errors are reported either. So it seems I have isolated the issue down to Kerberos but I am not sure how to resolve it. Here is some more information about my environment:
DNS/URL used: testprjmnmtreports14.company.com
Server Name (FQDN): ECTSTSQLRS5.company.int
AD Domain Name: company.int
Server Version: Windows Server 2012 R2
AD Functional Level: 2008 R2
As you can see I am trying to use a .com address but my AD domain is .int which I think is the issue, but I do not have the same problem on my other server that is running Windows Server 2008 R2. What do I need to do to allow my new site on 2012 R2 to work with this DNS Alias?
View 0 Replies
View Related
Nov 6, 2001
Hi all,
Now I want get AD value(e.g file path),how can I get this value from AD?
Thanks
View 1 Replies
View Related
Nov 24, 2004
Hie,
Someone can tell me haw can i do in order to migrate my server sql to active directory.
What is the step
View 1 Replies
View Related
Jun 18, 2007
I want to use an Active Directory security group that is a Distribution List for a new role assignment for an existing report. Can someone tell me if this is possible? I get an error each time I try:
The user or group name <DLName> is not recognized. (rsUnknownUserName)"
View 1 Replies
View Related
Sep 28, 2015
I am trying to revert back to Windows 7 after upgrading to Windows 10, however it will not let me and the following message occurs: "Remove new accounts.Before you can go back to a previous version of Windows, you'll need to remove any user accounts you added after the most recent upgrade. The accounts need to be completely removed, including their profiles.You created one account (NT SERVICEMSSQLSERVER) Go to Settings> Accounts> Other users to remove these accounts and then try again".However I did not create any new users and there are no other users listed in the Accounts section.
View 2 Replies
View Related
Jun 6, 2004
Hello,
I have recently upgraded my the server that runs SQL Server to an Active Directory Domain Controler. Now I can't connect to the SQL Server from ASP.NET Applications when the application is not located on the local machine. The error message I get is SQL Server does not exist or access is denied.
I have no problems connecting with QueryAnalyer and Enterprise Manager from my workstation. I have added the Sql Server to the directory via the "Active Directory"-tab in the Property window for my Sql Server Registration i Enterprise Manager.
If I copy a directory from the wwwroot on my workstation to the server the application has no problem to connect so the connectionstring seams to work fine.
Any ideas?
Regards,
Kalle
View 1 Replies
View Related
Nov 27, 2003
hi,
we have recently completed an upgrade to 2000 server and now have AD on our network.
How do i go about querying this from any of my SQL 2000 servers?
I have found a few websites that mention adding a linked server. I have never done this and am not sure how to query a linked server, if that is the way to go.
can anyone offer some advice please?:confused:
TIA
View 1 Replies
View Related
Sep 20, 2004
A little background, We have a DEV Server running SQL Server 2000. This is the first of many to be migrated from out NT Domain to our new AD (active directory Domain). All Domain user accounts have already been migrated.
When they migrated this first Server running SQL Server, I am getting the following error when I try to make the owner of a job (any job) run by the SQL Server Agent a domain account in the new AD - when I switch the ownership back to our old NT Domain, it works fine.
I am getting this error:
The job failed. Unable to determine if the owner (domainusername) of job testjob has server access (reason: Could not obtain information about Windows NT group/user 'domainusername'. [SQLSTATE 42000] (Error 8198)).
note that this is happening to all windows authenticated sql server accounts on this Server. All of these account are in the local Admin group on the Server.
Does anyone know what needs to be done in SQL Server to make the AD migration seemless???? I need to try and find this out before we begin migrating Production Servers. Thank you!!
View 6 Replies
View Related
Jul 12, 2001
Hi folks,
I'm try'n to find out if i need active directory for sql2000 if my primary network is running on windows2000? What are the pros and cons? Thanks!
Joe R.
View 1 Replies
View Related
Jul 22, 2004
Hi!
I want to write a trigger that add a new computer account in my active directory when I do an Insert in my MSSQL table.
I know how to use SELECTstatements using LDAP but I want to do a INSERT statement. Is that even possible?
Can you write vb code directly in SP i mssql 2000?
What I think I have to do is to have a vbscript that does the adding then call the script using exetended SP cmd execute passing the name to the script.
If someone has a another solutions please let me know!
Regards..
View 1 Replies
View Related
Nov 3, 2005
Hi there,
Is it possible to, somehow, get a specific users password from active directory? The reason I ask is that I am writing a new system and really don't want the users having to remember yet another password, but rather be able to use there network password? I would like to write the logon section myself and not use any built in functions that anything may have.
Please can someone advise. I don't think it is possible but have been asked to persue the issue.
Thanks
View 2 Replies
View Related
Sep 20, 2006
Hi,
I want to migrate my sqlserver to active directory.
Someone can tell me what is the procedure and how can i do ?
Someone have already do this migration ?
Regards
View 5 Replies
View Related
Jul 20, 2005
We are implementing Active Directory. I need to know if this will presentany issues/changes for our SQL Server 2000 servers.TIADave Edwards
View 1 Replies
View Related
Jul 20, 2005
HiI've created a stored procedure (see below) which accesses the ActiveDirectory and SQL server to get "real names" back. When I run thestored procedure in Query Analyzer it returns the expected results,however when I try to create a Web Assistant job based upon theprocedure I get the SQL-DMO message:Error 7410 Remote Access not allowed for Windows NT Useractivated bySETUSER.The procedure is being run (and the job created) as the account whichowns the SQL Server installation, and this account has AD adminpermissions.Any suggestions?CREATE VIEW dbo.vw_account_adASSELECT a.Name AS ad_name, dbo.Accounts.*FROM dbo.Accounts INNER JOINOPENQUERY(ADSI,'select SamAccountName, Name FROM''LDAP://w2k-bspad1/ ou=users,ou=bsp,DC=ad,DC=bl,DC=uk'' whereobjectcategory=''person'' ') a ONSUBSTRING(dbo.Accounts.Account_Name,CHARINDEX('', dbo.Accounts.Account_Name) + 1,LEN(dbo.Accounts.Account_Name) - CHARINDEX('',dbo.Accounts.Account_Name)) = a.SamAccountNameCREATE PROCEDURE [dbo].[usp_event_report] ASSET ANSI_NULLS ONSET ANSI_WARNINGS ONSELECT Code_Name, Account_Name + ' ('+ad_Name+')' as 'Account Name',Date_Occured, ResultFROM Usage_Codes, Usage, vw_account_adWHERE Usage.Code_ID = Usage_Codes.Code_IDAND Usage.Account_ID = vw_account_ad.Account_IDAND datepart(month,Date_Occured) = datepart(month,getdate())ORDER BY Code_Name, Account_Name, Date_OccuredGOChloe CrowderThe British Library
View 2 Replies
View Related
Oct 24, 2007
Hi there.
I have a request to build some reports that are specific to each user. Only the autheticated user should be able to see their report data and no one elses etc. How do I get data for the current autheticated user (via AD)? If this is via parameter, how do I hide the username/password in the url?
I am sure this has been done, but I couldn't find any good examples.
Thanks, Mike
View 2 Replies
View Related
Nov 19, 2007
Can someone please tell me or provide a link explaining how I can query the active directory for
usernames from sql server 2005. I'm actually creating usernames on the fly and I need to check if they already exist in the active directory. Thanks.
View 3 Replies
View Related
Apr 2, 2008
We want to use Active Directory with Oracle for User Authentication and accessing Oracle as well as storing the details in Oracle. Active Directory stores Information regarding Users, Groups & Policies etc.
We want to provide the access in Oracle for the users available in AD as well as export Complete User Information from active directory and keeping the updated information into some Oracle tables. What is the optimal method?
What configuration needed at Server/ Client End and How to do the same?
Kindly provide the steps. Please do the needful. Thanks.
View 4 Replies
View Related
Feb 6, 2008
We currently have Active Directory within our domain all Server 2003 based. We also have a SQL2005 database stand alone server (not currently joined to the domain). What we would like to do is utilize single sign on. Currently our users have to log into windows, then open an "in-house" program which asks for a different set of credentials for the SQL2005 database. How do we intergrate Active Directory login to also authenticate to the SQL database? Can we just join the stand alone SQL server to the domain, then from there add the Active Directory "security groups" into the database? Could someone point me in the right direction, thanks!
View 1 Replies
View Related
Jan 24, 2007
Is it possible to create a report in SSRS that queries Active Directory data such as user's phone extension, email address etc
What would be a good way to do this?
Thanks,
Nisha
View 7 Replies
View Related
Mar 29, 2007
I'm not sure this is an actual reporting services question but has someone else created reports for active directory in Reporting Services
I want to create a report with users and their respective manager. I have this working in reporting services but I just want the manager name how could I strip out all the other information in the manager field??
SELECT personalTitle, manager, name, employeeid, distinguishedName
FROM 'LDAP://dc=xxx,dc=xxx,dc=xxxt'
WHERE objectClass = 'user' AND objectCategory = 'Person'
ORDER BY name
I get this as the manager name, I just want his name
CN=Smith, Kurt,OU=Financial,OU=DataControl,OU=Users-Groups,DC=xxx,DC=xxx,DC=xxx
Thank you,
View 6 Replies
View Related