Windows Logon using Other Windows Account

From: Lori Landis (lrlandis@hotNOSPAMmail.com)
Date: 12/05/02

• Next message: Alvin Zhao[MSFT]: "RE: Exporting data to another server"
• Previous message: Leon: "Re: Non-Admin Windows Login possible?"
• In reply to: Darion Mapp: "Windows Logon using Other Windows Account"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Lori Landis" <lrlandis@hotNOSPAMmail.com>
Date: Thu, 5 Dec 2002 14:05:37 -0800

I use a couple of different methods to handle this.

1. You can use stored procedures to do most or all of
your data access. You can give the user permission to
execute the stored procedure, but no permissions to the
underlying tables.
2. You can use SQL application roles to control
permissions within the application. You grant
permissions to the tables via the role which is executed
from the application with a password. The user gets no
permissions to the underlying tables. A drawback with
this method is that once you execute the role, all other
permissions are superceded. In my application, the role
gives full permissions to all the tables, so the
application has some intelligence on who is allowed to do
what. See the BOL for more information.

Good luck!

Lori Landis

>-----Original Message-----
>We are currently planning the development of a series of
applications that
>will use SQL Server 2000. Our security concerns are:
>
>1. Using windows login in VB,C#, whatever, will allow
the user to login to
>SQL server and do anything using any other Client
connection utility, If I
>give the windows users rights to delete. what is
stopping them for going to
>the database, bypassing the application, and removing
the data themselves???
>
>2. Using the SQL logins is not that too secure, a remote
registry hack and I
>have all the logins, so we want to disable that and use
windows login only,
>let AD and the admins worry about securing passwords.
>
>How do I do this ???
>
>
>.
>

---

• Next message: Alvin Zhao[MSFT]: "RE: Exporting data to another server"
• Previous message: Leon: "Re: Non-Admin Windows Login possible?"
• In reply to: Darion Mapp: "Windows Logon using Other Windows Account"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Login with no Fixed Server Role and DB Role can stop SQL Agent Service? ... a Window 2000 Login with Domain User default permissions, ... > actually answered the question about the permissions the user has re: ... Forget about SQL Server for the moment. ... >> Enterprise Manager, but he is still able to stop the SQL Agent ... (microsoft.public.sqlserver.security) Re: SQL Server Security: NT Groups ... permissions from their group membership. ... So if I'm a member of GroupA and GroupA is granted a login ... SQL Server and access database B. ... membership, role membership with deny taking precedence. ... (microsoft.public.sqlserver.security) Permissions! ... permissions to database objects are concerned. ... I have a SQL Server 7.0 database table which has 6 columns. ... REVOKE or DENY permissions to these 3 users? ... Please note that I login to my Windows 2000 Professional machine using ... (microsoft.public.sqlserver.security) Re: SQL Server Security: NT Groups ... >permissions from their group membership. ... >So if I'm a member of GroupA and GroupA is granted a login ... >>I'm new to SQL Server security and I don't know if it is ... >>then just add the 2 logins to the SQL Server Roles. ... (microsoft.public.sqlserver.security) Re: Security question .. ... > If you use NT authentication, a user's permissions to a database are ... Your assertion that a user's permissions are independent of the application ... Even using Access and "exploring" will require an ODBC login to SQL Server. ... (microsoft.public.sqlserver.server)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)