Re: Permissions
From: Sue Hoegemeier (Sue_H_at_nomail.please)
Date: 06/29/04
- Next message: Chris: "SQLServer 2000 Backup to Local CD"
- Previous message: Hari: "Re: How can I know which patches I need?"
- In reply to: Robert: "Permissions"
- Next in thread: Robert: "Re: Permissions"
- Reply: Robert: "Re: Permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 29 Jun 2004 05:57:20 -0600
If a user who is a domain admin logs into SQL Server, if the
default BUILTIN\Administrators group has not been modified
or removed, the user will have sysadmin access through their
membership in the local administrators group on the SQL
Server - domain admins are members of the local admins group
and this group gets access to SQL Server through the
BUILTIN\Administrators group. The BUILTIN\Administrators
group are members of sysadmins.
How the security needs to be set up and how the users need
to be configured depends on the ERP system. You should
follow up with the vendor of this system to properly
configure security for the users of the system.
-Sue
On Tue, 29 Jun 2004 01:41:08 -0700, "Robert"
<anonymous@discussions.microsoft.com> wrote:
>We use an SQL backend ERP system on our Windows Small
>Business Server 2k network.
>The problem we have is this:
>
>Certain parts of the ERP don't work when logged in as
>Domain users, unless they have Domain Admin rights.
>
>Here is the scenario
>
>Pre-Requisites
>-----------------------------------------------------------
>Windows requires username and password
>ERP system requires username and password
>-----------------------------------------------------------
>
>User A (Domain Administrator)
>User B (Domain User)
>
>1 - User A logs into PC1 (Windows2K/XP). He then then logs
>into the ERP system. He can do everything he wishes as he
>has full domain admin rights.
>
>2 - After user A is finished with the ERP system he logs
>out of the ERP system but leaves PC1 logged on. User B now
>opens the ERP system and logs in with his username and
>password. He can complete any task he attempts.
>
>THe PC is now logged off.
>
>3 - User B now logs into Windows2K/XP on PC1 with his
>WIndows username and password and then logs into the ERP
>system. He can access all parts of the ERP as before but
>some screens fail to open/initilaize.
>He now logs off of the ERP in order that User A can log on
>but leaves Windows logged on.
>
>User A logs onto the ERP system and attempts to complete
>certain tasks. He can't seem to comlete them now either
>(Same taks).
>PC logged off
>
>4 - Give User B admin rights and he can now achieve part 1
>of this scenario. Obviously it isn't appropriate to give
>every user on our network full Admin rights but does
>anyone know what could be happening here and where best to
>look for solutions? I.e Windows or SQL.
- Next message: Chris: "SQLServer 2000 Backup to Local CD"
- Previous message: Hari: "Re: How can I know which patches I need?"
- In reply to: Robert: "Permissions"
- Next in thread: Robert: "Re: Permissions"
- Reply: Robert: "Re: Permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
