Re: Security

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: Tibor Karaszi (tibor_please.no.email_karaszi_at_hotmail.nomail.com)
Date: 02/23/04 

Date: Mon, 23 Feb 2004 19:11:45 +0100

> > > Q1) How do I prevent Fred from changing the data he shouldn't?
> >
> > Don't map the windows account.
>
> I'm not sure I understand you. Are you saying that I SHOULD
>
> - create a windows login 'FRED' on my computer
> - login to my computer as FRED
> - connect to SQL SERVER using the FRED user.
>
> Or are you saying that I SHOULDN'T do that?
>
> It sounds like you're saying I shouldn't, but I'm not.
>
> I'm logged into windows using my own login, and connecting to SQLSERVER
> using 'sa' or 'FRED' from there.

I cannot answer this for you. You have to decide whether you want your users
to use Windows or SQL Server logins. I prefer using windows accounts.
Currently, your windows account is most probably in the Administrators
group, which is by default added as a login to SQL Server with sysadmin
permissions. So when you do a windows login, you have full permissions in
SQL Server. 

-- 
Tibor Karaszi, SQL Server MVP
Archive at:
http://groups.google.com/groups?oi=djq&as_ugroup=microsoft.public.sqlserver
"Harry Chance" <nospam.ple@se> wrote in message
news:_Ap_b.235$XJ2.2866384@news-text.cableinet.net...
>
> "Tibor Karaszi" <tibor_please.no.email_karaszi@hotmail.nomail.com> wrote
in
> message news:O19QfSf%23DHA.1392@tk2msftngp13.phx.gbl...
> > > But if I check 'use trusted connection' and press OK the priveliges
> > > don't work, Fred can change data.
> >
> > You now logon using your windows account, not Fred's account. You might
be
> > logged on to Windows ad Administrator on the SQL Server machine, and the
> > Administrators Windows groups are by default added as a login with
> sysadmin
> > privileges.
> >
> >
> > > Q1)  How do I prevent Fred from changing the data he shouldn't?
> >
> > Don't map the windows account.
>
> I'm not sure I understand you. Are you saying that I SHOULD
>
> - create a windows login 'FRED' on my computer
> - login to my computer as FRED
> - connect to SQL SERVER using the FRED user.
>
> Or are you saying that I SHOULDN'T do that?
>
> It sounds like you're saying I shouldn't, but I'm not.
>
> I'm logged into windows using my own login, and connecting to SQLSERVER
> using 'sa' or 'FRED' from there.
>
> > > Q2)  Is it possible to get rid of this dialog box? I've already
> connected
> > > to the server as Fred, cant it automatically use the username and
> password
> > > I've already entered? Or do I have to go through this every single
time
> I
> > > open a table?
> >
> > SQL Server cannot show any dialog boxes. It is either your client
> > application or the database connectivity stuff (ODBC etc). You need to
> check
> > with the client app/dev tools.
>
> Yes, I meant the client tool, SQL Server Enterprise Manager, not the
> database
> engine, obviously.
>
>
> > Tibor Karaszi, SQL Server MVP
> > Archive at:
> >
>
http://groups.google.com/groups?oi=djq&as_ugroup=microsoft.public.sqlserver
> >
> >
> > "Harry Chance" <nospam.ple@se> wrote in message
> > news:25d_b.5855$0z4.53891228@news-text.cableinet.net...
> > > Hi, I'm experimenting with SQL security, creating users and access
> > > privileges, and so on. I'm using the 'pubs' database for practice.
> > >
> > > I've set the 'public'  role  to REVOKE  all permissions on the table
> > > 'authors', (At least I think it's revoke -  the box is empty, no tick
or
> > > cross appears)
> > >
> > > I've created a role 'readonly'  that grants  SELECT  on  authors,
> > > and denies INSERT, UPDATE, DELETE.
> > >
> > > I've created a user 'Fred' with 'readonly' access on authors.
> > >
> > > Now, I connect to the database as Fred, then open the table.
> > > Up pops a dialog box 'SQL Server login'  with fields to enter
> > > the LoginID and password, and a check box 'Use Trusted
> > > Connection'
> > >
> > > If I enter Fred's password, the access privileges work properly,
> > > they wont let Fred change the data in the table.
> > >
> > > But if I check 'use trusted connection' and press OK the priveliges
> > > don't work, Fred can change data.
> > >
> > > Q1)  How do I prevent Fred from changing the data he shouldn't?
> > >
> > > Q2)  Is it possible to get rid of this dialog box? I've already
> connected
> > > to the server as Fred, cant it automatically use the username and
> password
> > > I've already entered? Or do I have to go through this every single
time
> I
> > > open a table?
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: login 101..
    ... On Windows 2003, SQL Server 2005 can enforce the Windows password complexity ... Windows authentication - SQL Server uses a special protocol to ask ... user is in the list of allowed logins, ...
    (microsoft.public.sqlserver.security)
  • RE: How to create a trusted connection
    ... You need to grant access for the Windows login by referring to the books ... is set to use Windows authentication to be able to do trusted connection. ... There are two modes of authentication in SQL Server: ...
    (microsoft.public.sqlserver.security)
  • Re: Windows NT user or group not found.
    ... out what SQL Server thinks the login name is vs. what Windows thinks the ... When the SQL Server collation and the Windows collation are different, ... The following example uses the Param2 parameter to get the SID from Windows ...
    (microsoft.public.sqlserver.connect)
  • RE: How to create a trusted connection
    ... What do you mean by "creating a Windows login"? ... To login SQL Server 2000 using trusted connection, grant the Windows ... Group" in SQL Server Books Online to get the concept, ...
    (microsoft.public.sqlserver.security)
  • Re: Connecting to SQL from a Windows Service
    ... There is probably some way to debug this, but that's deeper Windows knowledge than I can dredge up right now. ... I looked into the Event Log and found that when my service ... 1st Login succeeds. ... You can try turning on login auditing in SQL Server and then check the ...
    (microsoft.public.sqlserver.connect)