Re: Application concerns OVER Login

From: BP Margolin (bpmargo@attglobal.net)
Date: 04/06/03


From: "BP Margolin" <bpmargo@attglobal.net>
Date: Sat, 5 Apr 2003 17:25:34 -0500


Giacomo,

If you distribute the database on a CD, then it is unusable unless it is made available to a SQL Server instance. Only a person with SysAdmin permissions will be able to make the database available to a SQL Server instance, and a person with SysAdmin permissions will be able to read, write and execute anything in the database, so if your goal is to limit who can read and/or write and/or execute stored procedures, your goal is immediately non-obtainable on SQL Server.

BTW, you might want to check out the SQL Server 2000 Books Online section "Creating a Removable Database" (createdb.chm::/cm_8_des_03_92hx.htm). However, do not be misled by the documentation. A removable database is read-only **only** if it remains on the CD. However, nothing prevents a person from copying the database from the CD to a hard disk and making it writeable as well as readable.

-------------------------------------------
BP Margolin
Please reply only to the newsgroups.
When posting, inclusion of SQL (CREATE TABLE ..., INSERT ..., etc.) which
can be cut and pasted into Query Analyzer is appreciated.

"Giacomo" <00avoidspam@solsticepoint.com> wrote in message news:OE9TEJ7#CHA.2072@TK2MSFTNGP10.phx.gbl...
> Help.
> 1) set up user on network with only user rights. (Win2k Server)
> 2) gave that user rights to specific stored procedures on database
> 3) wish to distribute this sql server database on a cd
>
> Question A:
>
> If someone gets a copy of the cd and creates the same user on their network,
> will they be able to open the SQL Server 2000 database under that user name
> (Windows Authentication) or will they only have rights to the stored
> procedures which that user has permission to use (SQL Server
> authentication)? As per above, the Windows Authentication Role for this user
> is only for the stored procedures. There are no dbo rights for this user.
>
> Question B:
>
> Short of figuring out the sa password, will anyone be able to open that
> database on the distributed CD?
>
> Question C:
>
> Is it important to create a difficult password for this user? The password
> will be given out with the CD.
>
> I'm not sure if I am doing this correctly.
>
> Giacomo
>
>
>
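
The checks below are an added example, not part of the original thread. They show what the administrator of a receiving SQL Server 2000 instance sees once the distributed files are attached: the grants on the stored procedures travel with the file, but they do not constrain a sysadmin. The database name, file paths and table name are constructed placeholders.

```sql
-- Added example for a test instance of SQL Server 2000; run as a sysadmin login.
-- DistributedDb, the file paths and dbo.Customers are constructed placeholders.

-- 1. Make the copied files available to the instance.
EXEC sp_attach_db
     @dbname    = N'DistributedDb',
     @filename1 = N'C:\copied\DistributedDb_Data.mdf',
     @filename2 = N'C:\copied\DistributedDb_Log.ldf';
GO

USE DistributedDb;
GO

-- 2. Server role and database identity of the current connection.
--    Members of sysadmin are mapped to dbo inside every database.
SELECT IS_SRVROLEMEMBER('sysadmin') AS is_sysadmin,
       USER_NAME()                  AS database_user;

-- 3. Permissions stored in the database file (for example EXECUTE on
--    specific procedures). They are listed, but permission checks are
--    not applied to a sysadmin connection.
EXEC sp_helprotect;

-- 4. Database users and whether their SID resolves on this server.
--    A Windows account with the same name on another network has a
--    different SID, so resolved_login is NULL for the original user.
SELECT name,
       isntuser,
       SUSER_SNAME(sid) AS resolved_login
FROM   sysusers
WHERE  islogin = 1;

-- 5. Read-only is a database option recorded for the attached copy,
--    not a property of the data itself.
SELECT DATABASEPROPERTYEX(N'DistributedDb', 'Updateability') AS updateability;

-- 6. Direct table access, with no stored procedure in between.
SELECT TOP 5 * FROM dbo.Customers;
GO
```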
