Re: Application roles Please Help!

From: Pura (pn2kt@yahoo.com)
Date: 01/14/03 

From: "Pura" <pn2kt@yahoo.com>
Date: Tue, 14 Jan 2003 15:46:25 GMT

Dan,
May I point out that with the guest account, any server login will have
access to any db even without permissions.

"Dan Guzman" <danguzman@nospam-earthlink.net> wrote in message
news:OA7PM33uCHA.1676@TK2MSFTNGP10...
> Other databases can be accessed only via the guest user security context
> once an application role is activated. However, you don't need to grant
> permissions on the referenced object in the 'MDB_TAB_01' databases as
> long as the objects involved have the same owner. Because your objects
> are owned by 'dbo', both databases have the same owner so that the
> objects are owned by the same login.
>
> Since the guest user needs no object permissions in this scenario, this
> may appease your DBA. The application role needs permissions only on
> the objects directly referenced in the application database.
>
> --
> Hope this helps.
>
> Dan Guzman
> SQL Server MVP
>
> -----------------------
> SQL FAQ links (courtesy Neil Pike):
>
> http://www.ntfaq.com/Articles/Index.cfm?DepartmentID=800
> http://www.sqlserverfaq.com
> http://www.mssqlserver.com/faq
> -----------------------
>
> "Magnus Pettersson" <magnus@businessvision.se> wrote in message
> news:e7emsB2uCHA.2568@TK2MSFTNGP12...
> > If I do this I get
> > Server: Msg 916, Level 14, State 1, Procedure TestViewMP, Line 3
> > Server user 'Conn2000' is not a valid user in database 'MDB_TAB_01'.
> >
> > This is due to the Application role
> > I have a view called TestViewMP
> > looks like
> > CREATE VIEW dbo.TestViewMP
> > AS
> > SELECT *
> > FROM MDB_TAB_01.dbo.AAR
> > Granted to the Application role
> >
> > Magnus
> >
> > "Pura" <pn2kt@yahoo.com> wrote in message
> > news:rPFU9.612$M%5.439875740@newssvr11.news.prodigy.com...
> > > create your views as dbo then grant select to the App role. The
> remote
> > table
> > > should also be owned by dbo.
> > >
> > > "Magnus Pettersson" <magnus@businessvision.se> wrote in message
> > > news:e4GKHwzuCHA.1960@TK2MSFTNGP11...
> > > > Hi !
> > > >
> > > > We are using application roles in our client.
> > > >
> > > > Now we would like to run a remote procedure or call a
> > > > view with a table in an other database.
> > > >
> > > > Is there a workaround without using the guest account,
> > > > the DBAdmin is not fond of using the guest account, to connect to
> > another
> > > > database ?
> > > >
> > > > Any suggestion is fine
> > > >
> > > > Best regards Magnus
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: master and msdb database permissions
    ... master and msdb through the guest account. ... objects in those databases. ... permissions come from - whatever permissions have been ...
    (microsoft.public.sqlserver.security)
  • Re: How can I remove Public access to SQL Express dbs?
    ... Guest has no CONNECT permission in user databases by default. ... You can't delete guest but can render it unusable by revoking CONNECT permission in databases other than master and tempdb. ... it will remove the public access of the database in question. ...
    (microsoft.public.sqlserver.security)
  • Re: Everyone permissions on C Drive
    ... > seem to have had the default permissions applied. ... > also make sure that the Guest does ... > permissions on the Windows partition. ... > the settings that allow for per-user account private storage. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Moving the Exchange data and log files.
    ... inheritance rules for that folder and all progeny. ... How to move Exchange databases and logs in Exchange Server 2003If you want ... Assuming it is a Microsoft KB, set the permissions to what the KB ...
    (microsoft.public.windows.server.sbs)
  • RE: missing system.mdw file
    ... permissions to create the file, ... >The registry key is not missing. ... Running the SCAN program from the Windows ... >>| I cannot create any new databases in Access 2002 on ...
    (microsoft.public.access.setupconfig)