Re: How to implement Windows Authentication?
- From: Erland Sommarskog <esquel@xxxxxxxxxxxxx>
- Date: Thu, 31 Jan 2008 15:22:39 -0800
Peter (Peter@xxxxxxxxxxxxxxxxxxxxxxxxx) writes:
Good question. Ideally, the login should be created outside the
application. The question is who is going to do that. I think the
followings are possible candidates:
Well, some login has to be created outside the application. Else the
application will never be able to log in.
When you install SQL 2005, BUILTIN\Administrators are added to the
server by default, which means that anyone who has Administrator rights
in windows can access SQL Server as sysadmin. But they are changing
that in SQL 2008, and the person who installs SQL Server is supposed
to specify an admin user.
Besides deciding how to create the login, I also need to know how many
logins should be created. For SQL Authentication, it is acceptable to use
one sql login. For Windows Authentication, should I add Windows groups or
individual Windows users to SQL Server? If adding windows groups to SQL
Server, should they be windows groups which are created just for the
application or existing windows groups?
Probably existing Windows groups. If you add groups that is. It's
little hard to give advice with that little knowledge of the context.
But keep in mind that functionality for adding users are elsewhere as
well, so I think you should keep your application to the basic stuff.
--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
.
- Next by Date: Re: SQL job schedule modification
- Next by thread: Re: How to implement Windows Authentication?
- Index(es):
Relevant Pages
|
