Re: Install MSDE w/ MSDE Depl.Toolkit. What permissions when using Win Auth?

From: Andrew Gaskell (agaskelluk_at_yahoo.com)
Date: 11/30/04 

Date: 30 Nov 2004 10:19:39 -0800

Andrea
ok please consider this scenario, as I am still not clear on this. I
have my SQL database sitting on my server. I stop replication and
detach it. Then I copy the ldf/mdf files to my dev machine. Then I
deploy the database using the MSDE deployment toolkit and some adapted
code as per previous.

I then have my clients who use MSDE to connect *locally* to the MSDE
version of the database. They need to be able to work offline, no
network connection. A service running on the client machines will
start a pull subscription for replication every x days if the user is
connected to the network.

I then get a new user called MyDomain\Andrea who wants to install the
MSDE database version and be able to run the service which starts a
pull subscription. The new user must also be able to run queries on
the local MSDE database.

Do I need to create a group on the server that houses SQL Server or
where? I don't have access to the domain controller. What permissions
do I give to this group? How do I create the group?

Once this group has been created and MyDomain\Andrea added, if you use
the MSDE database offline - no connection to the network, how will
authentication take place? What credentials will be used?

Thanks again
Andrew

"Andrea Montanari" <andrea.sqlDMO@virgilio.it> wrote in message news:<313cs9F35t7biU1@uni-berlin.de>...
> and Andrew,
> "Andrew Gaskell" <agaskelluk@yahoo.com> ha scritto nel messaggio
> news:63c811db.0411300308.c9c0b09@posting.google.com
> > Andrea
> > thanks for the response. However by using Windows groups, don't I
> > still have to maintain the group itself on the server by manually
> > adding a domain user to the group each time a new user requires access
> > to my application?
>
> this is all performed thought the Domain Controller, which maintains all the
> credentials... as you add
> YourDomain\Andrea
> to your domain, making me part of the XYZ group which has already been
> granted access to the YourDomain\YourMsde server and granted that group db
> access as db_datareader or any other builtin or userdefined db role, I'll
> inherit login privileges and db access as well... for that reason I
> recommend using NT groups where possible :D
>
> > I read about the Builtin\Administrators group. My detatched SQL
> > database will still have the Builtin\Administrators group and my
> > clients will be members of the local admin group on Win2K, so as I
> > understand it they should have access to the MSDE database. Is this
> > correct?
>
> Builtin\Administrators is a local group and not domain group... all local
> login member of that group will be granted SQL Server login privilege, but
> not your (remote) clients that should be member of other groups... more...
> you should not rely on administrative logins/privileges/permissions becouse
> an admistrator really is a God in SQL Server, and could be a kind god, or
> could be as Loki (and I mean the malicious one of the Norse pantheon)...
> so my advice is to create as many database roles as you need, with just
> enought permission as required, and map your NT groups to the corresponding
> db role...

Relevant Pages

  • RE: Backups have Shadow Copy Problems
    ... and restarted the server. ... suggested and changed the recovery model to simple on the one database called ... I understand the issue to be: the backup task failed ... You back up data from a volume that contains a Microsoft SQL Server ...
    (microsoft.public.windows.server.sbs)
  • Re: upsizing to sql 2005
    ... the word SERVER in it, ... You can access to the database by multiple means (Access, ... and how does it update the SQL database with the new records in Access? ... Query Name: Arcadia - ARC ...
    (microsoft.public.access.queries)
  • Re: Linked Tables in Access
    ... any use of SQL Passthru, Linked Tables or any other use of MDB / MDE ... server, or would I also need to convert *those* queries to passthrough ... I've been trying to understand why Access database files become corrupt. ...
    (microsoft.public.access.adp.sqlserver)
  • Re: Leveling by ID vs. "Standard"
    ... of this trade called Project Management. ... a database for the "Project Tables," ... to write reports on data from the server database. ... product supporting queries created with SQL. ...
    (microsoft.public.project)
  • Re: Trouble Getting VS.Net 2003 WalkThroughs MSDE Connection
    ... Config Tool of SQL Server? ... > link to download the PUBs database. ... >>> Setup and they directed me to install MSDE and they attached a ...
    (microsoft.public.sqlserver.msde)