Re: Security options for 2005 Native XML Web Services (ENDPOINT)
- From: "Jasper Smith" <jasper_smith9@xxxxxxxxxxx>
- Date: Fri, 30 Dec 2005 22:00:31 -0000
You can use groups to grant permissions for the endpoint. Just create one
group per SOAP endpoint to grant the connect permissions to.
Similarly, you would normally create a login from a Windows group, add that
to a database role in your database and grant permissions to the role.
You shouldn't be messing about with individual users in SQL, just use
Windows groups.
--
HTH,
Jasper Smith (SQL Server MVP)
http://www.sqldbatips.com
"Luther Miller" <lex3001@xxxxxxxxxxxxxxxx> wrote in message
news:80C2B00A-7628-478E-9DE8-E5761A696CFA@xxxxxxxxxxxxxxxx
> I have done some research and I just want to verify what I believe are the
> security options for SQL Server 2005 native XML web services (using ENDPOINT
> and WebMethod).
>
> 1. Application roles cannot be used (I assume this because the connection is
> not kept open so you can only call one proc at a time and application roles
> need state and need to call a stored proc to set the state).
>
> 2. NT authentication:
> a. Each NT USER must be added as a Login to SQL Server
> b. Each NT USER must be granted CONNECT to the ENDPOINT
> c. Each NT USER must be added to the database with the stored procedures
> being exposed
> c. Each NT USER must be granted EXEC on the stored procedures being exposed;
> this could be done by adding the user to a database role that has the
> permissions etc.
> d. There is no way to just add NT users to a Domain security group and give
> that group permissions - you must do the above for each individual user
>
> 3. SQL Server authentication - I guess you could create a login/password in
> SQL Server that has all of the above permissions and then hard code that in
> the client for connecting to the web services. Haven't tried this, but would
> require a lot fewer logins to be added to SQL.
>
> Seems that it is about time to have integration with Active Directory and NT
> security groups (roles) with SQL Server... that would definitely be useful.
>
>
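
The group-based setup described in the reply, written out as T-SQL for SQL Server 2005. This is an added example and not part of the original thread; the domain group EXAMPLE\OrdersWsUsers, the endpoint orders_ws, the database SalesDb, the role ws_orders_exec and the procedure dbo.usp_GetOrders are hypothetical names, and the endpoint is assumed to exist already. The last query audits which principals hold CONNECT on each SOAP endpoint, so that grants made to individual accounts instead of groups stand out.

```sql
-- Added example; every object name below is a hypothetical placeholder.
USE master;
GO
-- One Windows group per SOAP endpoint: the group, not each user, becomes the login.
CREATE LOGIN [EXAMPLE\OrdersWsUsers] FROM WINDOWS;
GO
-- Endpoint permissions are server-level, so grant CONNECT from master.
GRANT CONNECT ON ENDPOINT::orders_ws TO [EXAMPLE\OrdersWsUsers];
GO

USE SalesDb;
GO
-- Map the group login into the database that holds the exposed procedures.
CREATE USER [EXAMPLE\OrdersWsUsers] FOR LOGIN [EXAMPLE\OrdersWsUsers];
GO
-- Permissions go to a database role; the group is only a member of it.
CREATE ROLE ws_orders_exec;
GO
EXEC sp_addrolemember N'ws_orders_exec', N'EXAMPLE\OrdersWsUsers';
GO
-- Grant EXECUTE only on the procedures the endpoint exposes as web methods.
GRANT EXECUTE ON OBJECT::dbo.usp_GetOrders TO ws_orders_exec;
GO

-- Audit: who holds CONNECT on each SOAP endpoint?
-- A grantee_type of WINDOWS_LOGIN or SQL_LOGIN is a per-account grant
-- that bypasses the group model above.
USE master;
GO
SELECT e.name        AS endpoint_name,
       p.name        AS grantee,
       p.type_desc   AS grantee_type,
       sp.state_desc AS permission_state
FROM sys.server_permissions AS sp
JOIN sys.endpoints AS e
  ON sp.class = 105                    -- 105 = ENDPOINT securable class
 AND sp.major_id = e.endpoint_id
JOIN sys.server_principals AS p
  ON p.principal_id = sp.grantee_principal_id
WHERE e.type_desc = N'SOAP'
  AND sp.permission_name = N'CONNECT'
ORDER BY e.name, p.type_desc, p.name;
GO
```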