Re: application login, but user security

From: Dan Guzman (guzmanda_at_nospam-online.sbcglobal.net)
Date: 04/29/05


Date: Fri, 29 Apr 2005 08:28:08 -0500

SQL Server security context is determined by the login used to connect to
SQL Server or an application role enabled after the connection is made. If
ES_MTO uses a single login, you won't be able to implement a SQL Server
security model that allows you to control access based on an individual
user's identity unless your application code can conditionally enable an
application role. I know nothing about ES_MTO so I can't comment on whether
or not that approach is feasible. You can read about application roles in
the SQL Server Books Online.

-- 
Hope this helps.
Dan Guzman
SQL Server MVP
"sql rookie" <anytasks@gmail.com> wrote in message 
news:1114703232.008696.232480@g14g2000cwa.googlegroups.com...
> Hi everybody...please don't flame me for my ignorance.
> We are in the process of migrating from mainframe application using
> vsam files to MICROFOCUS and SQL server.
> Here is the scenario we are at now:
> In mainframe, the application might be able to read and write to the
> file, but the write access is controlled by the RACF (security software
> like active directory). In other words, even though USER A can execute
> the application, he cannot write to it, because the security software
> doesn't allow USER A to write to the file.
>
> In the new environment, our online application are replaced by a
> product called MICROFOCUS -ES_MTO.  ES-MTO connects to sqlserver via an
> application userid (let's say APPL1).  USERA logs in to the ES-MTO
> using login id USERA, but then ES-MTO connects to sqlserver using
> APPL1.  APPL1 has read/write authority on the tables.  USERA should be
> able to execute the application, so he can read the table, but
> shouldn't be able to write to it.
> The application is however a read/write application.
>
> I hope I was clear enough on my scenario.
> What I am hoping to find out is, how can I still use sqlserver to check
> permission using the real user login id, when the application uses the
> application userid to connect?
> Am I making sense?
>
> Any help or input is greatly appreciated.
>
> Thanks
> 
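
The application-role approach mentioned in the reply, sketched as an added example that is not part of the original thread or of ES-MTO. It assumes SQL Server 2005 or later syntax; the table dbo.Orders, the role name OrdersWriter and the password placeholder are hypothetical, and APPL1 is the shared application user from the question.

```sql
-- Added example; every name except APPL1 is hypothetical.
-- One-time setup, run by a database owner. APPL1 is assumed to already
-- exist as a user in this database.
CREATE TABLE dbo.Orders (
    OrderId int         NOT NULL PRIMARY KEY,
    Status  varchar(20) NOT NULL
);

-- The shared application user keeps read access only.
GRANT SELECT ON dbo.Orders TO APPL1;

-- Write access is granted to an application role, not to APPL1.
CREATE APPLICATION ROLE OrdersWriter
    WITH PASSWORD = '<placeholder-strong-password>';
GRANT SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO OrdersWriter;
GO

-- Connection opened as APPL1 for an end user the application has
-- decided may write: the application code enables the role.
DECLARE @cookie varbinary(8000);
EXEC sp_setapprole
     @rolename      = 'OrdersWriter',
     @password      = '<placeholder-strong-password>',
     @fCreateCookie = true,
     @cookie        = @cookie OUTPUT;

UPDATE dbo.Orders SET Status = 'shipped' WHERE OrderId = 1;  -- permitted

-- Drop back to the APPL1 context before the connection is reused.
EXEC sp_unsetapprole @cookie;
GO

-- Connection opened as APPL1 for USERA: the application never calls
-- sp_setapprole, so only the SELECT granted to APPL1 applies.
SELECT OrderId, Status FROM dbo.Orders;                      -- permitted
UPDATE dbo.Orders SET Status = 'shipped' WHERE OrderId = 1;  -- fails: UPDATE permission denied
```

While the application role is active the connection runs with the role's permissions instead of APPL1's, which is why the role is granted SELECT as well. The decision to enable the role, and the role password, stay inside the application code.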

