Re: My own security subsystem

From: Bottomless Pit (pauldurdin@iee.org)
Date: 06/25/02


From: "Bottomless Pit" <pauldurdin@iee.org>
Date: Tue, 25 Jun 2002 07:24:18 +0100


I guess tou could use the uid fom the sysusers table in another table to
record your own permissions system - is this what you mean?

I've not got down this root - yet- because i didnt fully understand the
system tables and was concerned that they might vary between versions of SQL
Server.

--
regards,
Paul Durdin
Taradata Ltd
"Brad M." <take_this_out.officespace@shaw.ca> wrote in message
news:OqnYkw8GCHA.2648@tkmsftngp11...
> This would work, except for the fact that I can't use NT domain groups.
> This application is used on NT workstations using a generic id and
password.
> Thus, the application itself needs to be able to provide authentication,
> RBAC, and auditing.  But is it possible to associate a profiles table to
SQL
> logins?
>
> Best Regards,
> Brad
>
> "Bottomless Pit" <pauldurdin@iee.org> wrote in message
> news:#bYtGV4GCHA.368@tkmsftngp13...
> > i'm using application roles to achieve this and using NT domain groups
to
> > determine what functionality to give a user, but it dosnt do everything
so
> i
> > have another permissions table that determines in detail what users can
do
> > within the program. I also have a users table and use this to identify a
> > persons activity in a history table.
> >
> > --
> > regards,
> >
> > Paul Durdin
> > Taradata Ltd
> >
> >
> > "Brad M." <take_this_out.officespace@shaw.ca> wrote in message
> > news:eyxC56xGCHA.2888@tkmsftngp10...
> > > Here is my current situation:
> > >
> > > I use a table (userdata) in a database called login to manage my user
> > > accounts for my application.  However, to access this table and run my
> > query
> > > to validate the 'account' (a row in the table), I have to be connected
> to
> > > SQL Server.  I have accomplished this by adding a user called
'Logins'.
> > The
> > > problem with this is that the login is generic - all users of the
> > > application sign into the server with it, and this doesn't do much for
> > > security (auditing most notably).
> > >
> > > The reason why I use the table method is because I have to design my
own
> > > RBAC for the server.  Users have a profile with their account.  There
> are
> > > three profiles: Regular, Audit and System.  These profiles have
> functions
> > > that are automatic to them, meaning:
> > >
> > > A user with a Regular profile can query and add data to the system,
but
> > > can't view logs, print usage reports or do any system management
> functions
> > > A user with an Audit profile can do all of the above, except cannot
> > perform
> > > any system management functions
> > > A user with an System profile can perform every function in the system
> > > (These are very short descriptions, there are many more)
> > >
> > > Here's what I'd like:
> > >
> > > A user has an ACTUAL SQL login, instead of the generic login looking
in
> a
> > > table thing.  But I want to associate my custom profiles with these
SQL
> > > accounts.  Meaning, I can track usage of the system because each user
> has
> > > their own sql login, but they also have a profile designation, which
> would
> > > limit their access in the application.
> > >
> > > Any ideas on this?
> > >
> > > Best Regards,
> > > Brad
> > >
> > >
> >
> >
>
>


Relevant Pages

  • Re: My own security subsystem
    ... except for the fact that I can't use NT domain groups. ... But is it possible to associate a profiles table to SQL ... >> I use a table in a database called login to manage my user ... Users have a profile with their account. ...
    (microsoft.public.sqlserver.security)
  • Re: SQL Mail
    ... > I'm having the same problem with sending mails from SQL. ... I've also went to SQL mail and set up a mail profile. ... > used to start SQL Server. ... > be a domain account if you are using an Exchange server as ...
    (microsoft.public.sqlserver.server)
  • Re: OO vs. RDB challenge
    ... > The user profile determines the distribution of the probabilities over ... > After 1000 cycles a user task ends and so the user reaches Nirvana. ... > Show me SQL code, ...
    (comp.object)
  • Re: SQL Mail
    ... I'm having the same problem with sending mails from SQL. ... I've installed Outlook 2003, I'm logged on as the user for which the mailbox ... I've also went to SQL mail and set up a mail profile. ... "Troubleshooting SQL Mail with Exchange Server" ...
    (microsoft.public.sqlserver.server)
  • Operator error error:22022
    ... >the mail profile for this account works. ... >I set up sql agent to run on this service, ... >I try to add the administrator account and it doesnt test ... >figure what the heck the prob is. ...
    (microsoft.public.sqlserver.server)