Application Roles For Sql 2000 And VB6
May 22, 2003
I may need to setup an application role(s) fro a SQL 2000 db that is being front-ended by VB6. There are 2 types of functions needed, and admin role with access to all tables, and a user role with access to only specific tables. I know from just a straight db roles, I could set up 2 roles, set their rights, and then add the users to these roles. My questions is if I need the same functionality for an Application role, do I need 2 Application roles, one for the admin, and the other for the user?
View 1 Replies
ADVERTISEMENT
Mar 5, 2006
Hello,
I am new user of SQL Server. I have some problems with these words. I want to make my database works in my specified permissions. I will specify permissions with schemas and these schema wants an owner. I want this owner should be my user. When creating a user it needs a valid login. I am selecting my login and it occurs and error says this login has an different user. I am specifying permissions with roles. But i can't make association all of them. I hope i told my problem to you as well. If you explain these words to me and tell me how can i do my database's works with my own schemas, users and roles i'll be grateful. Thanks for advices.
Happy coding...
View 4 Replies
View Related
Aug 24, 2006
After reading Books Online, I am still confused with Database Role vs Application role.
My intention is to control the end users' authority on the database, where the end users will access through Winforms client application. With proper assignment of schema and database roles to an user, I believe this will enough to control the permisison of an user.
If this is the case, why Application role exists? When and why should I use Application Role? How is it different from Fixed Database Role?
View 14 Replies
View Related
Nov 1, 2004
Hi there
Can anyone point me to a good tutorial or give me a run down on using Sql Application roles from my asp.net application. Books Online only give a run down on how to set it up - not how to implement or use it from my code. MSDN no help. Google - same thing.
Any help greatly appreciated.
Thanks in advance
View 2 Replies
View Related
Mar 20, 2008
We have a distributed app that creates it's own instance of sqlexpress when installing. This prevents anyone with sa rights on another instance from accessing our data directly (HIPAA compliance concerns). We are currently looking into making our app easier to install, and want to be able to attach our database to existing instance (if one exists), but still prevent the sa account of that instance from directly accessing/viewing our data. Are application roles the way to accomplish this, is there another way, or is this even possible?
Thanks in advance.
View 5 Replies
View Related
Jul 17, 2000
We are looking to make our applications as secure as possible. I am interested in how well Application Roles work to make security tighter.
Have you used Application Roles. If you have, I'd like to know if it helped provide better security or not and if it did, how was it implmented in you production environment. I already know how to get it set up, I'm just wondering if it's really worth the trouble.
Thanks!
View 2 Replies
View Related
Jun 13, 2006
We have an an application that was written using OLE DB (ADO) against a SQL 2000 Server that uses an Application role to give rights to the database objects. It connects, calls sp_setapprole and goes on. If the database needs to LOCK a record, it is creating a new ADO Connection and instantiating the Approle again. This model has been working fine up til now.
Now we are installing a SQL 2005 server for the latest version of the product we are working on and are running into an error. The error is
Error: 18059, Severity: 20, State: 1.
The connection has been dropped because the principal that opened it subsequently assumed a new security context, and then tried to reset the connection under its impersonated security context. This scenario is not supported. See "Impersonation Overview" in Books Online.
It's happening when the second ADO Connection for locking a record is being created and the sp_setapprole is being executed.
One of my questions is what is the problem with executing the approle on a different connection? Our code has not changed, so obviously SQL 2005 is doing something different. The other is What can we do to correct this?
Is the resource pooling different? We had problems in the beginning with approles and figured out through research that we needed to add OLE DB Services=-2 to the connection string to turn off resource pooling.
Is there an extra step to using Approles in SQL 2005?
Any help would be greatly appreciated as we need to resolve this ASAP.
Thanks,
David
View 5 Replies
View Related
Apr 30, 2007
I want to test Application Roles security for our project, I guess it serves the purpose.
But the quesion I have is if a developer who can look at the application code know's the "Password" can he set the password from Query Analyser and get acess to the database.
Thanks!
View 4 Replies
View Related
Mar 13, 2007
Hello,
in SQL Server 2005 I have an application role that is being used to limit access to my server data from third party applications. Everything is working well, except changing the Application role password.
I set up a small form that allows an administrator to change the App Role password through the front end app. I cannot, however, seem to get the Password field in my approle to accept a parameter.
For example:
declare @newpassword varchar(128)
set @newpassword = 'foo'
ALTER APPLICATION ROLE MyApplicationRole
with PASSWORD = @newpassword
This procedure gives me a syntax error in the last line. It will accept a string in quotes but not a varchar parameter.
Ideas?
View 3 Replies
View Related
Feb 12, 2007
Hi, Am migrating my SQL 2000 legacy app to SQL2005 and am dealing with restrictions on the underlying system tables. Have taken advice that Granting VIEW state to all users is heavy handed (especially meta data access at SERVER level). Now looking at Module signing which is great. I can supply SP's which target the few System table/ information schema fields that I require. Now I Sign the Sp's cool, now I grant exec rights to the application role (doesn't work). Create a db role and put my users in it, okay grant role exec on Sp's (fine they work).
However my application runs under an application role always, so my users rights are ignored and it appears that its only the users not the approles who can benefit from the module signing ? I know I can switch too and from approle using cookies but I seem to be going round in cirlces here.
Essentially is there any 'EASY' and 'CONTROLLED' way that my application user who has no rights, who immediately switches to the application role can see the dbName (All rows ) from master.sysdatabases ?
Thansk for any advice
View 7 Replies
View Related
Aug 25, 2005
I have an application that segregates data into two differentdatabases. Database A has stored procs that perform joins betweentables in database A and database B. I am thinking that I have reachedthe limits of Application Roles, but correct me if I am wrong.My application creates a connection to database A as 'testuser' withread only access, then executes sp_setapprole to gain read writepermissions. Even then the only way 'testuser' can get data out of thedatabases is via stored procs or views, no access to tables directly.Anyone know of a solution? Here is the error I get:Server: Msg 916, Level 14, State 1, Procedure pr_GetLocationInfo, Line38Server user 'testuser' is not a valid user in database 'DatabaseB'The system user is in fact in database A and B.thanksJason Schaitel
View 4 Replies
View Related
Nov 24, 2007
Hi all:
[Posting this in the security forum because in this forum I found a related post.]
I have a problem with SQL Server 2005 and application roles and pooling. I needed to use application roles and I needed to use pooling at the same time for an application. I am using sp_setapprole and sp_unsetapprole. In order to ensure that the application role is always set and unset by the application, I actually developed a custom Data Provider based on the SqlClient Data Provider. I have a custom Connection and Command class that wrap the SqlClient versions. Upon opening my custom Connection class, I execute the sp_setapprole stored procedure. Upon closing or disposing the connection, I call sp_unsetapprole.
This works fine in 99% of my tests. However, I have three or four methods (always the same ones, but one only fails ever so often) that fail, but only under the following circumstances:
Pooling is turned on (but pool size doesn't matter)
I am using my custom Data Provider (using System.Data.SqlClient does not cause this issue... but I am also not using approles then)
When other tests have run in the same test run. I.e. when I run the failing methods by themselves in a test run, there is no problem.
So it seems to me that the problem is related to using application roles with pooling turned on. For scalability reasons, we cannot turn pooling off. When the methods fail, I see the following two (2) entries in the SQL Log:
Error: 18059, Severity: 20, State 1.
The connection has been dropped because the principal that opened it subsequently assumed a new security context, and then tried to reset the connection under its impersonated security context. This scenario is not supported. See "Impersonation Overview" in Books Online.
I understand the error message somewhat. However, I am not sure why the "reset" of the connection occurs. My code does not call reset anywhere, so it must be something that happens in the background.
I am reviewing code to see if there is possibly a situation where the sp_unsetapprole procedure does not get called or does not get called successfully, but there is a lot of code (in many custom components).
I would like to know if anyone has a suggestion on how to solve this problem, or, find the code that may be causing the problem.
Thanks in advance,
SA.
View 3 Replies
View Related
Jun 18, 2007
Coldfusion Web appls from Oracle to SQL Server 2005 - How to use Application Roles in Coldfusion.
Is there anyone who has used application roles in Coldfusion Applications? How would you set this up?
I know how to set up application roles. If you establish your application role and you move from one page to another, how would you run cfquery since you loose your initial user connection in place of the application role connection. Are there alternatives to using application roles in Coldfusion?
Sample code would be helpful.
TF
View 4 Replies
View Related
Jul 20, 2005
I am in need of a utility (stored procedure, third party app, etc)that will help streamline the process of managing and auditing objectpermissions, users and roles on multiple sql server 2000 instanceswith multiple databases on each instance. That's a quick overview ofwhat I need, do I need to be more specific?Thanks.
View 2 Replies
View Related
Jul 4, 2007
hello, I have developed a website using asp.net 2.0 and sql server 2005 express edition. I have used the built-in membership, roles and login controls in my website. now i need to change the database server. i have to use sql server 2000 instead. as asp.net 2.0 uses the ASPNETDB.mdf for member,roles and login controls, so how can i do it? i can easily export the database from 2005 to 2000 but how my application controls will know where to look at for those data. I am clueless. please help me. thanks in advance.
View 2 Replies
View Related
Jan 28, 2004
Can you write a stored procedure to add a user to your DB and set the roles the user belongs to?
I want to write a stored proc. to add users and set roles so it can be used in code instead of doing it manually.
After the user has been added and their roles set, can you write another stored proc. to give you what roles they belong to?
View 3 Replies
View Related
Jun 16, 2006
Apologies if my post does not fit into this forum. I initially tried the SQL Server Data Access forum but I now think my question is more security related.
Is it possible for a web user who has been successfully authenticated with forms authentication to be authorised to use a SQL Server 2000 role depending on a particular ASP.NET 2.0 role that they have been authorised to use? I understand that that I can assign a SQL Server 2000 role to the ASPNET or NETWORK SERVICE account but this will grant access to anonymous web users to the database role. I can ensure that I only call stored procedures which access sensitive data in web pages that are in restricted by ASP.NET roles. However, it would be nice to also restrict stored procedures via the ASP.NET 2.0 Forms Authentication roles.
If this is not possible have you got any bright ideas how I could restrict access to stored procedures who are anonymous web users.
Many thanks,
Mark
View 1 Replies
View Related
May 6, 2007
I'm developing an ASP.NET2.0 application which accesses a SQL Server 2005 Express database. I plan to use integrated security for access to the database.
I'm confused about the relationships between Windows groups, the ASP.NET web.config file <allow roles=.../> and SQL Server roles.
I would like to create a Windows group to which I can assign multiple users and grant that group access to a Web Site using windows authentication and also grant that windows group access to the database my web application uses.
I have gotten the combination of Windows Authentication to the web site and to the database to work for a specific windows user but I am having trouble determining the combination of database security entities I must create to allow access to my database by members of the windows group.
For a Windows user:
1. Create Windows user
In SQL Express
2. CREATE LOGIN FROM WINDOWS WITH DEFAULT_DATABASE =
3. CREATE USER FOR LOGIN
4. CREATE ROLE
5. EXEC sp_addrolemember <role-name> <user-name>
For a Windows group, what would be the equivalent commands necessary to grant a windows group access to my database? Specifying the Windows Group name in sp_addrolemember does not appear to be sufficient even though the documentation states that a windows group name is a valid value for the member name argument.
View 3 Replies
View Related
May 3, 2005
Hi! Can anyone say which ms sql server predefined roles are similar to the following oracle predefined roles: dba, connect, resource. I already know that sysadmin in MS SQL Server is the same as DBA in Oracle but what about the rest?
Thanks a lot.
View 4 Replies
View Related
Mar 2, 2006
I am in the process of locking down the SQL Server in an environment that is considered to be in production (pilot stages) and there is no staging or test environment that mirrors it. I need assistance in determining the server and database roles to assign to existing logins, most of which currently have sa and dbowner rights. Because it is not a development environment, I need to be sure that downgrading the server and/or database level permissions will not break any functionality.
I'm starting with the logins that have the SA fixed server role. These logins need to be able to install applications that require the use of a backend database, which will be stored on SQL Server. In addition, through the installation process a new login/password for the newly created database(s) is normally created. For the existing logins with the SA fixed server role, will downgrading to the securityadmin and dbcreator roles be sufficient to facilitate those needs, or are those too much/ too little? And should any user account ever be granted the SA role? If so, what questions could I ask to determine this need?
Since these install process for these applications usually prompt to install using SA or local system account to authenticate to SQL to create the new database(s), that account should have securityadmin and dbcreator roles to create the database and its tables, as well as add a new login to that database.
Please address this question, keeping in mind that the logins will only be performing the described actions, installing apps using SQL Server as the backend database and adding a login to that database (which may or may not be done during the installation process).
Thank you,
nu_dba
View 1 Replies
View Related
Dec 20, 2004
Is there a way to connect to a sql db and read the databases and write them to a webpage? Then is there a way to view the tables in a selected database on a webpage?
I'm trying to make a web based enterprise manager.
View 2 Replies
View Related
Nov 12, 2007
Hi there,
Has anyone ever encountered problems making .Net applications connect to a SQL database on SQL 2000 with SP3a?
It's running on a virtual machine with a Windows Server 2000 Std with SP4, the .Net application is working with .Net Framework 1.1.4322.573. For some reason it can't connect to the SQL database using the specified username and password in the web.config file even though the user exists in the SQL database. I've tried using the SA password but this still doesn't work. I can logon to SQL Query Analyzer using the SA password but not using the other username.
The .Net application does work on other systems of mine all of which can run on Windows Server 2000 and 2003, I have compared them but can't find any differences.
Any ideas anybody?
Thanks,
Chris
View 1 Replies
View Related
Apr 30, 2005
Hi!I am going to connect to "SQL Server 2000" through an "ASP.NET Web Application". My development environment is "Visual Studio .NET 2003". In my "Toolbox" -> "Data", I drag a "SqlConnection" and drop on the page. It would automatically be named "SqlConnection1". In its "Properties" -> "ConnectionString" -> "<New Connection...>", I would enter my Server Name (SAMIEI), select "Use Windows NT Integrated Security" and Select the Database on the Server (Northwind). Then such Connection String would automatically be generated:
"workstation id=SAMIEI;packet size=4096;integrated security=SSPI;data source=SAMIEI;persist security info=False;initial catalog=Northwind"
Now, I may see "SAMIEI.Northwind.dbo" in the "Data Connections" row of "Server Explorer" with its all "Database Diagrams", "Tables", "Views", "Stored Procedures" and "Functions".Please take a look at the following code:
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
Try SqlConnection1.Open() Catch ex As SqlException Response.Write(ex.Message) End Try
End Sub
It would unexceptedly encounter such error:
"Login failed for user 'NT AUTHORITYNETWORK SERVICE'"
Please tell me the reason. I am much obliged to you for your attention.
Regards!M.Sadegh Samiei
View 2 Replies
View Related
May 19, 2006
I have installed the SQL Server 2000 and its up running.
I can connect to the database direct as administrator, but my test application(asp.net 2.0) returns an exception.
SqlConnection sqlConn = new SqlConnection("data source=10.61.90.24;initial catalog=testdb;persist security info=False;user id=sa;pwd=data;Type System Version=SQL Server 2000;");
sqlConn.Open();
I receive this exception:
An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)
View 4 Replies
View Related
Apr 15, 2007
Hi,
I'm looking for some guidance/help regarding setting up a sa - lite account in SQL 2005. I need to give another admin rights to create/monitor maintenance plans, backup and restore databases, monitor performance/logins, but NOT be able to have any rights on several tables (and of course not being able to set user permissions).
I've tried using server and db roles but haven't been able to determine how to give someone w/o full sa rights access to maintenance plans.
If you can think of soemthing, please let m eknow.
Jenn
View 4 Replies
View Related
Mar 10, 2004
I have MS SQL Server 2000 DB.
I have created a User and created some tables for the same.
I created a Role named A and granted Select Permissions for few tables to that roles.
When I created another Role named B and added this role (A) to B, the permissions are not being xferred to B. Bcos of which, if i assign an User to Role B, he is not able to select the tables for which permissions have been given thru role A.
Note : If i give assign directly the user to Role A, it is working. But i want to assign User to role A only thru B.
View 1 Replies
View Related
Jun 23, 2007
I need some opinion about coping data tables from auto-generated ASP.NET database into SQL 2000 database.
View 2 Replies
View Related
Jun 6, 2005
Hi,
We are having SQL2000 Advance Server.
4 processor with hypherthreading, Memory 4 GB and it is a high transactional OLTP server. We are also running Transaction Replication on that server.
We recently bought Double Take and implemented on the server with File Difference with block check sum option for Disaster Recovery Purpose.
The Queue and the Log file folder is on local drive where the system doesn't use that folder except double take.
We are replicating from Source to Taget thru the WAN (DS3).We are replicating approx. 200 Gig of Data but just the difference.
Now the CPU usage is normal,Memory utilization is normal, but the network is a major problem as the Applications connecting to the Server timesout and the applications running very slow.
We have set just like the Tech support recommended.
I would appreciate, if someone give us some recommendations to run the double take without any problem.
Thanks in advance.
Anu
View 3 Replies
View Related
Jul 23, 2005
First off, sorry if my cross posting offends anyone. I'm posting thisin Access and SQL Server groups - not sure which one is appropriate.I have a relatively simple ASP.NET/VB.NET application that is nowhitting an Access 2000 database over an intranet. We have to migratethe database to SQL Server 7. My experience with ASP.NET is prettylimited and my experience with SQL Server is nonexistent.We have an MSDN subscription, so I went to the downloads section to getSQL Server 7. Guess what? SQL Server 6.5 is available, as is 2000 and2005, but no SQL Server 7. So my first question is, does anyone know ifit is available for MSDN subscribers?The next question is, does anyone know of a good resource that explainshow to make the transition from Access 2000 to SQL Server 7? I know thedata has to be migrated and the connection between the application andthe database modified, but am really not sure exactly what to first andthe correct way to go about it. The application is a simple productconfigurator. There's not a lot of data and it's not a very complexdatabase.Thanks in advance. If you'd like, please copy responses tolcifers(AT)yahoo.com (AT) = @TIA.Cheers.- Luther
View 2 Replies
View Related
Mar 8, 2008
Hi,
Recently our database has been migrated from SQL 2000 to SQL 2005 on a new server(machine) with windows 2003(previously windows 2000). If the database is retained on the same machine but with a named instance of 2005, the application(websphere 5.1) is behaving normal whereas if i configure the aplication to the new server it is running slow for some of the queries but not all.
This change will have to be implemented in production very soon. Any advise will be of great benefit
Thanks
Raam
View 6 Replies
View Related
Feb 16, 2007
Hi all,
I have a customer with an RS installation in a DMZ, using ADAM for its authentication.
The problem I have is as follows :
When setting up the execution log reporting (supplied as part of the standard install) all information being captured for report execution e.g Which user ran a specific report and when, is coming up with 'UNKNOWN' for the user name.
Does anyone have any idea where to look to fix the recording of user information? I am not sure whether it is a RS or A.D.A.M issue.
Thanks
Clint Pugh
View 2 Replies
View Related
Jul 24, 2006
Hi All,
Is there any limitation for setting password to an approle (like it should be 8 character long, should not start with numbers) ?
If so, what are those limitations ?
Does the same is applicable for sp_setapprole which uses the same password ?
please confirm, for both SQL Server 2000 and 2005 versions.
thanks in advance,
Regards,
Kailai
View 1 Replies
View Related
Oct 31, 2007
How to Connect sqlServer 2000 in Pocket PC 2003 Application.
In Packet PC 2003 Application I have to connect to sql server 2000 on
my machine. The application gives error if connected using sqlConnection. Is SQL server CE necessary to connect to sql server 2000 in .Net Compact Framework?
View 1 Replies
View Related