Re: My own security subsystem
From: Bottomless Pit (pauldurdin@iee.org)
Date: 06/25/02
- Next message: WK: "Re: linked server"
- Previous message: Pascal Michael Haddad: "linked server"
- In reply to: Brad M.: "Re: My own security subsystem"
- Next in thread: Brad M.: "Re: My own security subsystem"
- Reply: Brad M.: "Re: My own security subsystem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Bottomless Pit" <pauldurdin@iee.org> Date: Tue, 25 Jun 2002 07:24:18 +0100
I guess tou could use the uid fom the sysusers table in another table to
record your own permissions system - is this what you mean?
I've not got down this root - yet- because i didnt fully understand the
system tables and was concerned that they might vary between versions of SQL
Server.
-- regards, Paul Durdin Taradata Ltd "Brad M." <take_this_out.officespace@shaw.ca> wrote in message news:OqnYkw8GCHA.2648@tkmsftngp11... > This would work, except for the fact that I can't use NT domain groups. > This application is used on NT workstations using a generic id and password. > Thus, the application itself needs to be able to provide authentication, > RBAC, and auditing. But is it possible to associate a profiles table to SQL > logins? > > Best Regards, > Brad > > "Bottomless Pit" <pauldurdin@iee.org> wrote in message > news:#bYtGV4GCHA.368@tkmsftngp13... > > i'm using application roles to achieve this and using NT domain groups to > > determine what functionality to give a user, but it dosnt do everything so > i > > have another permissions table that determines in detail what users can do > > within the program. I also have a users table and use this to identify a > > persons activity in a history table. > > > > -- > > regards, > > > > Paul Durdin > > Taradata Ltd > > > > > > "Brad M." <take_this_out.officespace@shaw.ca> wrote in message > > news:eyxC56xGCHA.2888@tkmsftngp10... > > > Here is my current situation: > > > > > > I use a table (userdata) in a database called login to manage my user > > > accounts for my application. However, to access this table and run my > > query > > > to validate the 'account' (a row in the table), I have to be connected > to > > > SQL Server. I have accomplished this by adding a user called 'Logins'. > > The > > > problem with this is that the login is generic - all users of the > > > application sign into the server with it, and this doesn't do much for > > > security (auditing most notably). > > > > > > The reason why I use the table method is because I have to design my own > > > RBAC for the server. Users have a profile with their account. There > are > > > three profiles: Regular, Audit and System. These profiles have > functions > > > that are automatic to them, meaning: > > > > > > A user with a Regular profile can query and add data to the system, but > > > can't view logs, print usage reports or do any system management > functions > > > A user with an Audit profile can do all of the above, except cannot > > perform > > > any system management functions > > > A user with an System profile can perform every function in the system > > > (These are very short descriptions, there are many more) > > > > > > Here's what I'd like: > > > > > > A user has an ACTUAL SQL login, instead of the generic login looking in > a > > > table thing. But I want to associate my custom profiles with these SQL > > > accounts. Meaning, I can track usage of the system because each user > has > > > their own sql login, but they also have a profile designation, which > would > > > limit their access in the application. > > > > > > Any ideas on this? > > > > > > Best Regards, > > > Brad > > > > > > > > > > > >
- Next message: WK: "Re: linked server"
- Previous message: Pascal Michael Haddad: "linked server"
- In reply to: Brad M.: "Re: My own security subsystem"
- Next in thread: Brad M.: "Re: My own security subsystem"
- Reply: Brad M.: "Re: My own security subsystem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
