"ad" <ad@wfes.tcc.edu.tw> wrote in message
news:uV*************@TK2MSFTNGP15.phx.gbl...
Thank
But I have still some question
1. Why I can't find the 'NT AUTHORITY\NETWORK SERVICE' in my Windows 2003
account?
The service is in there on the local box.
2. Must I must give the database db owner to 'NT AUTHORITY\NETWORK
SERVICE' ? Can I give 'NT AUTHORITY\NETWORK SERVICE' a lower role?
You can give very granular rights. Select the objects you want to hit and
give the rights to the account there.
NOTE: This is not the best way to give access to SQL Server. In this
instance, you are potentially less secure than you are using a UID and PWD
in your connection string. The better method is to force people to log in,
using WIndows Authentication, and give Domain Users access to the objects
(still a bit insecure, but less than allowing the entire web world access).
This does not work with Internet apps, of course.
Another possibility is to set up a web service and give it rights to SQL and
have the web server use it. You can then give access to the NETWORK SERVICE
account without opening everything to the web directly. Still less secure
than other means.
COM+ is another option where you can assign a specific user. It is also
possible, but rather complex, to set up a service that uses a specific
account and run some form of persistence layer to serve data.
--
Gregory A. Beamer
MVP; MCP: +I, SD, SE, DBA
*************************************************
Think outside the box!
*************************************************