Re: SqlExpress distribution and access rights

From: "Norman Yuan" <FakeName@xxxxxxxxxxxxx>
Date: Thu, 24 Apr 2008 10:13:23 -0700

Is this app with SQL Server Epxress a server app or a desktop app?

Since you want user(s) access the SQL Server with Windows integrated security, and you, of course, do not know what user account the user is using when developing the app. The solution could be this:

Create a SQL Server login that maps to a local Windows user group, not a user account, say named as "TheAppSqlUsers". Then you add that SQL Server login to the targeting database as a proper user/role, assign all the permissions required by the app accordingly. So, when install the app, the computer where the SQL Server sits need to have a local user group called "TheAppSqlUsers" created.

With this configuration, when user uses your app, as long as his Windows login account (domain or local) is in that user group ("TheAppSqlUsers"), he all have all required permission. Similarly, if your app wnats different permissions to access different data in the SQL server database, then you can have different SQL Server logins, mapping to different local user groups.

All this can be done manually before or after your app gets installed. Of course, you can also incorporate the Windows local user group setup into your installation package (I am afaid that you have write a seperate app to manipulate window/local or network domain user account and then to have installer to run it during installation).

Hope this gives you some idea.

"Peter Hase" <spam_sucks_@xxxxxxx> wrote in message news:16o014t5bmt62cj88d782hav70lc947iq3@xxxxxxxxxx

Hi, I'm using sqlexpress 2005 with a .NET
applikation. Security is set to integrated mode.
When deployed, the app's database will be created via
script by the installer.
Now, by default this database is not accessable if
the current user is not logged on as (xp-)administrator.

As workaround it is possible to add the server
role "sysadmin" to the account "predefined\user" (with
sp_addsrvrolemember).

This does not look adequate for me. One problem
is (additional to possible security issues) that
the account string seems to be culture/language
dependent and may not work everywhere.
Is there any other way to provide access rights
for this situation?

Thanks for help
Peter

Prev by Date: SQLCE Master/Detail using BindingSource
Next by Date: need to install SQL Server Agent SQL Express 2005
Previous by thread: SQLCE Master/Detail using BindingSource
Next by thread: need to install SQL Server Agent SQL Express 2005
Index(es):
- Date
- Thread

Relevant Pages

ADO.NET 2.0 & MSDE & Win98
... Framework 2.0 which must be deployed on Windows 98 platform. ... The MSDE will ... be installed on Win98 as the SQL Server to which the app will connect. ...
(microsoft.public.dotnet.framework.adonet)
Re: UNICOWS.DLL -- ??? Very confused -- Please help
... its a problem with his OS not your app. ... of the OS required the installation of the files done properly as an ... Windows Update option.. ... > application to a few clients, all but one of which run fine. ...
(comp.lang.pascal.delphi.misc)
Re: Frustrating crashes
... I will run a memory diagnostic (I have the MS app; ... >> immediately after I installed Windows. ... >> ran the Windows installation routine? ... My error log is not helpful at ...
(microsoft.public.windowsxp.general)
Re: Help! When running a VB exe, MS Office 2003 pops up
... both programs I've tested that gave me the MS Office pop-up were using Winsock. ... one of these "Please wait while windows configures...." ... the program seemed be with the ClearQuest installation. ... Your VB5-VB6 app. ...
(microsoft.public.vb.general.discussion)
Re: Moving .exe somtimes works
... your app does need to be installed. ... Your Installation Specialist ... that I can only clear a Windows Vista problem but pulling the plug. ... multiple time only to fnd that Vista wold not start. ...
(microsoft.public.vb.general.discussion)