NT Authentication, Roles With SQL 7

Jul 2, 2001

Our group develops in-house VB applications that access a SQL 7.0 Database. We are trying to set up a security model that looks something like this:

1) Employees are organized based on the required level of database access (View, User, Admin).

2) Appropriately named Global Groups are set up in NT (example sqlView, sqlUser, sqlAdmin) and employees are added to these groups.

3) A Login/user is created in the SQL database for each of these NT groups.

4) Roles are created -- named for each security level available to a specific application (example TimeCardView. TimeCardUser, TimeCardAdmin).

5) Appropriate NT Groups (now users) are added as members of these roles.

5) Roles are then given execute permission for needed stored procedures (example: TimeCardAdmin can execute the "sp_DeleteTimeCard" but TimeCardView cannot).

6) When a user launches a VB application, their "membership" in a NT group is first established and then the Application logs onto the Database using a "TrustedConnection".

The Problem: It appears that once a trusted connection is established, a user can access a stored procedure even if execute permission has not been given to the role to which their NT group belongs.

The Question: How can we set up our security so that users (as members of NT groups) can logon to the database and gain access (or be denied access) to stored procedures?

View 1 Replies


ADVERTISEMENT

SQL Server Roles && ASP.NET 2.0 Forms Authentication Roles

Jun 16, 2006

Apologies if my post does not fit into this forum. I initially tried the SQL Server Data Access forum but I now think my question is more security related.

Is it possible for a web user who has been successfully authenticated with forms authentication to be authorised to use a SQL Server 2000 role depending on a particular ASP.NET 2.0 role that they have been authorised to use? I understand that that I can assign a SQL Server 2000 role to the ASPNET or NETWORK SERVICE account but this will grant access to anonymous web users to the database role. I can ensure that I only call stored procedures which access sensitive data in web pages that are in restricted by ASP.NET roles. However, it would be nice to also restrict stored procedures via the ASP.NET 2.0 Forms Authentication roles.

If this is not possible have you got any bright ideas how I could restrict access to stored procedures who are anonymous web users.

Many thanks,

Mark

View 1 Replies View Related

Schemas, Users, Logins, Database Roles, Application Roles

Mar 5, 2006

Hello,

I am new user of SQL Server. I have some problems with these words. I want to make my database works in my specified permissions. I will specify permissions with schemas and these schema wants an owner. I want this owner should be my user. When creating a user it needs a valid login. I am selecting my login and it occurs and error says this login has an different user. I am specifying permissions with roles. But i can't make association all of them. I hope i told my problem to you as well. If you explain these words to me and tell me how can i do my database's works with my own schemas, users and roles i'll be grateful. Thanks for advices.

Happy coding...

View 4 Replies View Related

Add User/Set Roles In Code And Read Roles

Jan 28, 2004

Can you write a stored procedure to add a user to your DB and set the roles the user belongs to?

I want to write a stored proc. to add users and set roles so it can be used in code instead of doing it manually.

After the user has been added and their roles set, can you write another stored proc. to give you what roles they belong to?

View 3 Replies View Related

SQL Server Roles, Windows Groups && ASP.NET Allow Roles

May 6, 2007

I'm developing an ASP.NET2.0 application which accesses a SQL Server 2005 Express database. I plan to use integrated security for access to the database.

I'm confused about the relationships between Windows groups, the ASP.NET web.config file <allow roles=.../> and SQL Server roles.

I would like to create a Windows group to which I can assign multiple users and grant that group access to a Web Site using windows authentication and also grant that windows group access to the database my web application uses.

I have gotten the combination of Windows Authentication to the web site and to the database to work for a specific windows user but I am having trouble determining the combination of database security entities I must create to allow access to my database by members of the windows group.

For a Windows user:

1. Create Windows user

In SQL Express

2. CREATE LOGIN FROM WINDOWS WITH DEFAULT_DATABASE =

3. CREATE USER FOR LOGIN

4. CREATE ROLE

5. EXEC sp_addrolemember <role-name> <user-name>



For a Windows group, what would be the equivalent commands necessary to grant a windows group access to my database? Specifying the Windows Group name in sp_addrolemember does not appear to be sufficient even though the documentation states that a windows group name is a valid value for the member name argument.






View 3 Replies View Related

Fixed Database Roles Vs Application Roles

Aug 24, 2006

After reading Books Online, I am still confused with Database Role vs Application role.

My intention is to control the end users' authority on the database, where the end users will access through Winforms client application. With proper assignment of schema and database roles to an user, I believe this will enough to control the permisison of an user.

If this is the case, why Application role exists? When and why should I use Application Role? How is it different from Fixed Database Role?

View 14 Replies View Related

Oracle Predefined Roles Vs Ms Sql Roles

May 3, 2005

Hi! Can anyone say which ms sql server predefined roles are similar to the following oracle predefined roles: dba, connect, resource. I already know that sysadmin in MS SQL Server is the same as DBA in Oracle but what about the rest?
Thanks a lot.

View 4 Replies View Related

How To Decide On Server Roles And DB Roles

Mar 2, 2006

I am in the process of locking down the SQL Server in an environment that is considered to be in production (pilot stages) and there is no staging or test environment that mirrors it. I need assistance in determining the server and database roles to assign to existing logins, most of which currently have sa and dbowner rights. Because it is not a development environment, I need to be sure that downgrading the server and/or database level permissions will not break any functionality.

I'm starting with the logins that have the SA fixed server role. These logins need to be able to install applications that require the use of a backend database, which will be stored on SQL Server. In addition, through the installation process a new login/password for the newly created database(s) is normally created. For the existing logins with the SA fixed server role, will downgrading to the securityadmin and dbcreator roles be sufficient to facilitate those needs, or are those too much/ too little? And should any user account ever be granted the SA role? If so, what questions could I ask to determine this need?

Since these install process for these applications usually prompt to install using SA or local system account to authenticate to SQL to create the new database(s), that account should have securityadmin and dbcreator roles to create the database and its tables, as well as add a new login to that database.

Please address this question, keeping in mind that the logins will only be performing the described actions, installing apps using SQL Server as the backend database and adding a login to that database (which may or may not be done during the installation process).

Thank you,
nu_dba

View 1 Replies View Related

Db Roles / Server Roles

Apr 15, 2007

Hi,

I'm looking for some guidance/help regarding setting up a sa - lite account in SQL 2005. I need to give another admin rights to create/monitor maintenance plans, backup and restore databases, monitor performance/logins, but NOT be able to have any rights on several tables (and of course not being able to set user permissions).

I've tried using server and db roles but haven't been able to determine how to give someone w/o full sa rights access to maintenance plans.

If you can think of soemthing, please let m eknow.

Jenn

View 4 Replies View Related

Assigning Roles To Roles

Mar 10, 2004

I have MS SQL Server 2000 DB.
I have created a User and created some tables for the same.
I created a Role named A and granted Select Permissions for few tables to that roles.

When I created another Role named B and added this role (A) to B, the permissions are not being xferred to B. Bcos of which, if i assign an User to Role B, he is not able to select the tables for which permissions have been given thru role A.

Note : If i give assign directly the user to Role A, it is working. But i want to assign User to role A only thru B.

View 1 Replies View Related

SQL Sever 2005 Express Move Windowns Authentication Choice To Mixed Authentication

Aug 22, 2007

I folks.I Have installed sql server 2005 express and choosed windowsauthentication on instalation, but i make a mistake and now i needmixed authentication, how can i modify this whithout uninstall andinstall again the application?thanks for the help.

View 2 Replies View Related

How To Give Authentication For Send Mail Task Component? [not Default Windows Authentication]

May 11, 2007

How to give authentication for Send Mail Task component?

View 4 Replies View Related

Switching SQL 2005 Authentication Mode From Windows To SQL Authentication

Apr 18, 2007

Hi there,I have installed MS SQL Server 2005 on my machine with windows authentication. But now I want to switch the authentication mode to SQL Authentication. I am unable to switch, I can’t find the proper way to do so here in 2005.Could any one help me in doing this?Thank you,-Ahsan

View 1 Replies View Related

Sql Authentication = Fast./ Windows Authentication = V.slow!

Mar 25, 2004

Hello,

(Using win2k, sqlserver2k, framework 1.1)
I have an fairly data-heavy application that uses Windows authentication (Trusted connection/aspnet account) to connect to Sql Server. The site uses IIS basic authentication.

On the dev server everything works fine but when I move to the live server things get strange and it starts to crawl along. (Pages load OK but then it just crawls as it loads the datagrids etc. Sometimes it brings back incomplete/incorrect data )

BUT When I use Sql Authentication to connect to Sql Server and there is no problem at all!

Ok, there is something obviously wrong with the live server (which is identical setup to dev)but I dont know where to start.

Any ideas??

View 2 Replies View Related

Using SQL Authentication And Windows Integrated Authentication Concurrently

May 15, 2006

Hi all,

I've got two applications which both have a database on my MS SQL 2000 server. The problem is, one application must use Windows Integrated Authentication (which it is currently using and cannot be changed) whilst the other application which I'm trying to configure must use a SQL password.

Since the server has already been configured to use Windows Integrated Authentication for the existing database and application, how do I configure the other database to use the SQL password?

Thanks.

View 1 Replies View Related

Authentication An Application Using Windows Integrated Authentication

May 12, 2006

Hi all,

My work is using a shared application
which accesses a MSSQL 2000 database. To access the application, the
folder on the Windows 2003 Server is shared and users can access the
folder through a shared drive.


For the application to access the
database, it uses an ODBC connection to the MSSQL server which
originally used the SA password.


We have recently switched to using
Windows Integrated Authentication because we believe it offers a
higher level of security. However the only way in which we have been
able to enable this is to add the windows users to the SQL server.


The problem with this is that the
application sets permissions for individual users on what records
they can see within the database. We have found that by adding the
windows users to the SQL Server, they can bypass the permissions the
set by the application by simply using any application that can use
an ODBC connection, such as Enterprise Manager, and see all the
database.

One way around this would be to set up
domains of users with access privileges to the tables which reflect
the permissions set by the application, and configuring a view of the
data so they may only see the records that they have permissions to.
However to do this would require a high administrative cost to ensure
that changes made in the application are reflected in the privileges
of the SQL server.

Instead, is there a way the SQL server
can authenticate that the ODBC connection is coming from the correct
application using Windows Integrated Authentication?

This would allow the applcation to
determine security, and stop users from connecting to the SQL server
using other applications.

Alternatively, can the SQL server,
using Windows Integrated Authentication, also ask the application to
supply a username and password?

Any help with this matter would be
greatly appreciated.

Thanks!

View 4 Replies View Related

Switching From SQL Authentication To Integrated Authentication?

Aug 25, 2006

Hi,I'm using SQL Server 2005. My Connection String looks like that at the moment: <add name="LocalSqlServer" connectionString="Data Source=xx;Initial Catalog=xx;Persist Security Info=True;User ID=xx;Password=xx" providerName="System.Data.SqlClient"/>    Now I'd like to change this kind of authentication to Integrated Windows AuthenticationI added the WorkerProcess IIS_WPG to the permitted Users but it didn't help.Changed the Connection String to this:connectionString="Server=xx;Database=xx;Trusted_Connection=True;"All I'm getting is that my NetworkService is not permitted to access DB when I try to connect to the DB in ASP.NET.How can I properly configure that? Thanks!

View 4 Replies View Related

Difference Between Sql Authentication And Windows Authentication

May 8, 2003

Hello

Can anyone tell me what is the difference between sql authentication and windows authentication.

Examples of each would be very useful

Many thanks in advance

Steve

View 2 Replies View Related

SQL Server Authentication Vs Windows Authentication

Oct 16, 2006

Would anyone please help me out here. which of the 2 modes of authentication is better and why??

View 3 Replies View Related

Using Windows Authentication V/s Mixed Authentication

Dec 18, 2006

Hi,

Say, I have configured my SQL to use Mixed Authentication. Now, I have a applicaiton which uses my SQL Server. The application just creates a database in SQL Server and uses the database to store its information.

This application also has a SYSTEM DSN under ODBC through which it accesses the database. For the application to access this database, should I only use SA (as my SQL instance is configured to use Mixed Authentication) or can I use Windows Authentcation too...

If I should only use SA, do we have a documentation which talks about this.

Thanks
Santhosh

View 1 Replies View Related

Windows Authentication Vs SQL Server Authentication

Mar 12, 2008



For using different services of SQL SERVER 2005 which is better...
Windows Authentication or SQL Server Authentication?
what are the advantages and disadvantages of both?

View 5 Replies View Related

Report Manager With Forms Authentication. Report Server With Windows Authentication.

Feb 1, 2008

Hi.

I wonder if it is possible to set forms authentication for report manager but leave report server "as it is". I need to authenticate users from external LDAP and can't use windows authentication for report manager, but I would also like to leave report server open for anonymous users. In that way authenticated administrators could create reports which anonymous users could read.

I tested the Security Extension Sample and got it working when I rewrote the authentication part with my own LDAP authentication.

If I have understood correctly, the report manager is just application inside report server so is it possible to use forms authentication with one application but still leave the report server with Windows authentication?

View 1 Replies View Related

NT Authentication / SQl Server Authentication

Aug 14, 2001

Hi,

I need to figure out what kind of Authentication , I need to use for following applicaiton

Product : -

1 ) It resides on a its Domain and has access to Database on that Domain.
2 ) We have a application level login , n based on application login id
display specific pages.

The question that bother me is this

Q ) If i use NT authentication , then a user will be required to

a ) Login to domain (with userid and password) first and then

b ) Then i would require to again login to applicaiton with application
level login and password.(different levels of login as there)
Based on the application level login i will display only specific
asp pages. They have different access rights..and roles.

Requirment is to login only once..and it should authenticate to application display specific pages and authenticate to SQl server database also..

Is there any way thru which i can map my application level login to SQl server.. and what authentication should i use..

Thanks,
Teny

View 2 Replies View Related

Sql Authentication Vs. Windows Authentication

May 31, 2007

I am in the process of rolling out a sql server 2005 enterprise install and had a question regarding authentication. We will be providing sql hosting for a number of groups on our campus, many who are not using our campus-wide active directory, though they all have an AD account.

Windows authentication via the management studio appears to use your AD authentication tokens and will not allow them to enter a username/password combo. Is there any way to configure this?

I would like to use our campus AD for obvious reasons but if there is a requirement for passing tokens this isn't going to work right? It's also going to make database mirroring more of a challenge.

Thanks

View 3 Replies View Related

Roles

Sep 21, 2001

I need to grant select/viewing on a information_schema for a programmer. how do I grant this without granting server role "System Administrators".

Thanks,
Jason

View 1 Replies View Related

Roles

Sep 21, 2001

I need to grant select/viewing on a information_schema for a programmer. how do I grant this without granting server role "System Administrators".

Thanks,
Jason

View 2 Replies View Related

Roles

Oct 25, 2000

Does anybody know how to set up a role that can only set up jobs in Sql7.0.
TIA - Philip

View 2 Replies View Related

Roles

Jun 10, 1999

I might be missing something. I have 'upsized' an Access database to SQL 7.0. I then created new users on the server. I then added them to the database and gave them the role db_datawriter. When they try to connect, they can't. When I look at the permissions tab for the tables, I see their ID's, but none of the boxes are marked. Did I forget to do something?

View 3 Replies View Related

DB Roles

Apr 5, 2001

Is there a way in 7.0 to allow users with the "Public" role truncate tables without giving them sysadm rights?

Thanks,
Kevin

View 1 Replies View Related

DB Roles

Sep 28, 2004

I am creating a new user. I would like to give read only access just for the tables in a database. I had assigned only public and db_Datareader roles to this user. With these roles the user could able to see the script of the SPs and also the DTS packages. Also with the above roles the user could able to create new DTS packages and SPs. Is it possible to deny the user to look at the sps and ability to open the DTS packages created by some other users.

What I need to do is create a role with just table data read access so that they could just select the data only nothing more than that.
Also another role with dataread and ability to create the DTS packages from other servers by accessing this data. Anotherthing we need is With this role the users could create Database schema.

This is an urgent request. Please advise me ASAP.

Thanks

View 8 Replies View Related

Roles

May 9, 2008

Hi,can anybody tell me the script for how to find out for a particular login n for a particular database ,what are the database roles they have??

View 10 Replies View Related

Roles

Jan 19, 2007

Hi,
I have added two roles to sql server. One called Officeusers. The other AdminUsers
Added the appropriate logins to these roles. For example; james, john, ahmad to OfficeUsers and Mat, Nick to AdminUsers.
How can these roles be now used in a connectionstring? I can use each user login and his relevant password in a connectionstring to connect to sql server but not sure how/where/when the Roles come in to development.
i.e. do I need to use the role in the connectionstring? if so then what happens to the password.
Not quite clear about all these.
Thanks

View 4 Replies View Related

Roles

Jul 5, 2007

Hi all,
I have developed a website that and configured a role for my users. I also want to write a windows application, but how can I let my windows application use the role based I have on the same database where the website runs? Thanks

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved