Re: Approles and security question

From: Mary Chipman (mchip@nomail.please)
Date: 01/31/03


If users are connecting using Windows authentication, then their login
name is preserved. You'll see the database user name as the name of
the approle:

select suser_sname() -- will display Login name
select user -- will display name in db (approle name)

If you connect to SQLS using a web app, then you'll see the login used
for the web app.

Approles can have a significant negative effect on connection pooling
-- see http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q229564

-- Mary
MCW Technologies
http://www.mcwtech.com

On Fri, 31 Jan 2003 10:09:19 -0700, "John Smith"
<johnsmith@biteme.org> wrote:

>In the process of developing a new application, we are looking into using an
>approle to tighten security. Meaning that each user logs into the app, and
>the app invokes the role preassigned to it for all communication direct to
>the db.
>We have a good handle on how it works except for one part.
>
>I need to audit all deletes, updates, inserts to the database with a
>trigger, I need to put them in a separate table for an audit trail. This is
>not negotiable. Whom does it say is the logged-on user? The sqlserver user
>(the app role) or the logged in user (the o/s user)? I actually need the
>latter more than the former. Can I get that info when using an approle?
>
>Not to confuse matters much but what if it is a web app? Does it record the
>client os user or does it record the webserver service account info? I can
>set IIS to not allow anon connections, so I can figure out how they logged
>into the app, but not sure how I can audit that.
>
>Lastly, anyone out there developing software using an approle currently how
>does it work and how are you implementing it?
>
>thanks.
>post only replies please.
>
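
Added example, not part of the original posts: an audit trigger that records both values from the reply above, so the Windows login survives in the audit trail while the approle is active. The table and trigger names (dbo.Orders, dbo.OrdersAudit, trg_Orders_Audit) are hypothetical. For a web app, LoginName will hold the login the web app connects with, as the reply notes.

```sql
-- Hypothetical base table standing in for any audited table.
CREATE TABLE dbo.Orders (
    OrderID  int         NOT NULL PRIMARY KEY,
    Customer varchar(50) NOT NULL
);
GO

-- Audit table. Same owner (dbo) as the base table, so ownership chaining
-- lets the trigger write here without granting the approle any rights on it.
CREATE TABLE dbo.OrdersAudit (
    AuditID    int IDENTITY(1,1) NOT NULL PRIMARY KEY,
    OrderID    int           NOT NULL,
    Action     char(1)       NOT NULL,  -- 'I', 'U' or 'D'
    -- Login name: preserved under Windows authentication even after
    -- the approle is activated. NOT NULL, so the write fails if it is missing.
    LoginName  nvarchar(128) NOT NULL DEFAULT SUSER_SNAME(),
    -- Name in the database: the approle name once the approle is active.
    DbUserName nvarchar(128) NOT NULL DEFAULT USER_NAME(),
    -- Client-supplied workstation name: useful context, not proof of origin.
    HostName   nvarchar(128) NULL     DEFAULT HOST_NAME(),
    AuditTime  datetime      NOT NULL DEFAULT GETDATE()
);
GO

CREATE TRIGGER trg_Orders_Audit ON dbo.Orders
AFTER INSERT, UPDATE, DELETE
AS
BEGIN
    SET NOCOUNT ON;
    -- One audit row per affected base row. A key present in both
    -- pseudo-tables is an update; a changed key shows up as 'D' plus 'I'.
    INSERT INTO dbo.OrdersAudit (OrderID, Action)
    SELECT COALESCE(i.OrderID, d.OrderID),
           CASE WHEN i.OrderID IS NOT NULL AND d.OrderID IS NOT NULL THEN 'U'
                WHEN i.OrderID IS NOT NULL THEN 'I'
                ELSE 'D'
           END
    FROM inserted AS i
    FULL OUTER JOIN deleted AS d ON i.OrderID = d.OrderID;
END;
GO
```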


