Help with the Security/Login/User area of operations

teddysnips

Currently studying for 70-229.

I'm trying to understand how security for users is managed in SQL
Server. I've been using SQL Server for a few years now, but without
investigating the bits that "just work".

So, here's the scenario. This is more or less how I create all my
applications (which these days are all ASP.NET).

I have a database called "TESTDB" (original, huh?)

Now, I want to create a method for users to access this database, so I
open EM, locate and expand the node for the server containing the
database, and open the "Security" node. Click on the "Logins" leaf,
and in the pane right-click and select "New Login.."

On the "General" tab I enter "TESTDBLOGI N" as the Name.

Select "SQL Server Authentication" , and put in a password.

In the drop-down list of databases select "TESTDBLOGI N"

Ignoring the "Server Roles" tab, I go to the "Database Access" tab and
scroll down until I can see the "TESTDB" database. Check the "Permit"
checkbox, and lo!, the "Database Roles for TESTDB" list is populated,
with "public" already ticked. I check the "db_owner" box, and press
"OK". It asks me to confirm the password, and once that's done there's
a new login called TESTDBLOGIN. What's more in "Users" leaf in the
"TESTDB" database node there's a new user called "TESTDBLOGI N".

All well and good. I can now create a connection using this login and
do more or less what I want in the TESTDB database.

But.

If I click the "Users" leaf in the "TESTDB" node, there are two users -
"dbo" and "TESTDBLOGI N". If I right-click the "TESTDBLOGI N" user, I
can see that it has Database Role Memberships for the "public" and the
"db_owner" roles. But if I examine the permissions on these two roles
(by selecting the row, and then pressing the "Permission s" button) I
find that there are permissions set for EITHER role - all the check
boxes are blank!

So, how is it that I can do SELECT, UPDATE, INSERT and DELETE
operations via this login/user?

Sorry it all took so long - I just wanted to get it right.

Thanks

Edward
--
The reading group's reading group:
http://www.bookgroup.org.uk

Jul 23 '05 #1

Subscribe Reply

4465

Jeffrey Sheldon via SQLMonster.com

Edward,

Our Financial system has that configuration.

Using your example: TESTDB is a user that is granted the db_owner role but
TESTDB is not the dbo of the database/table.

Under User Properties you see TESTDB as granted to public/db_owner checked.

But if you choose Permissions you see nothing checked.

If you look above the window grid you see 'List only objects with
permissions for this user'. If you click this I will bet you have nothing
in your grid.

TESTDB has inherited the permissions based on the role you have given them
(in this case db_owner).

IF you provided a permission (like exclude DELETE on a specific table) then
this would show as checked in permissions.

The permissions is the exception to what the role has given.

I tried to communicate this the best I could...sorry if it is a bit choppy.

Jeff

--
Message posted via http://www.sqlmonster.com

Jul 23 '05 #2

Erland Sommarskog

(te********@hot mail.com) writes:

If I click the "Users" leaf in the "TESTDB" node, there are two users -
"dbo" and "TESTDBLOGI N". If I right-click the "TESTDBLOGI N" user, I
can see that it has Database Role Memberships for the "public" and the
"db_owner" roles. But if I examine the permissions on these two roles
(by selecting the row, and then pressing the "Permission s" button) I
find that there are permissions set for EITHER role - all the check
boxes are blank!

So, how is it that I can do SELECT, UPDATE, INSERT and DELETE
operations via this login/user?

Sorry it all took so long - I just wanted to get it right.

If I understood this correctly, this user belongs to the db_owner role.
In this case he has permissions to do anything in the database.
--
Erland Sommarskog, SQL Server MVP, es****@sommarsk og.se

Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techinf...2000/books.asp

Jul 23 '05 #3

teddysnips

Erland Sommarskog wrote:

(te********@hot mail.com) writes:
If I click the "Users" leaf in the "TESTDB" node, there are two users -
"dbo" and "TESTDBLOGI N". If I right-click the "TESTDBLOGI N" user, I
can see that it has Database Role Memberships for the "public" and the
"db_owner" roles. But if I examine the permissions on these two roles
(by selecting the row, and then pressing the "Permission s" button) I
find that there are permissions set for EITHER role - all the check
boxes are blank!

So, how is it that I can do SELECT, UPDATE, INSERT and DELETE
operations via this login/user?

Sorry it all took so long - I just wanted to get it right.

If I understood this correctly, this user belongs to the db_owner role.
In this case he has permissions to do anything in the database.

Thanks for this. I suppose it's pretty obvious when you think about
it, but the permissions for db_owner are not explicity spelled out in
the book I am following. Also, I don't really understand why the
Permissions properties for the user aren't filled in (when you press
the "Permission s" button), but that's a side issue.

Thanks again.

Edward

Jul 23 '05 #4

Similar topics

2874

Session Security

by: bonehead | last post by:

I'm still a novice when it comes to session security issues. The problems I'm trying to solve may be fairly common, but I haven't seen examples of solutions in any of the books I've looked at. I currently have a page called 'login.php' which requires the user to provide a userid/password combination. If the user logs in successfully (i.e., the supplied userid/password combination is in the mysql database), the user is directed to a page...

PHP

2487

Help on ASP routine

by: Caliangelas | last post by:

Hello, I need a routine to check for a number called CPF (just like Social Security Number in USA). I already have a validation routine for that number, but I still need to check if it exists on the institution databank to avoid frauds on my system. The idea is to build a "new user register page" and with a CPF field. So, when the person enter his CPF, the ASP page would check on the institution databank and validate or not the...

ASP / Active Server Pages

2459

Help - Secure page by remembering user?

by: | last post by:

Please help. After a number of wrong turns and experiments I need advice on login management system to secure our web pages without inconveniencing our visitors or our internal staff. What I need: A system whereby the user only has to register ONCE and he will have automatic entry to ANY page without havinto to RE-LOGIN even if he comes in

ASP / Active Server Pages

1512

Security design questions

by: Wescotte | last post by:

I'm currently working on desiging several web based applications that would be grouped into a larger web based menu system. However I'm not sure exactly how to go about making it as secure as possible. I'm guessing most systems are setup in the following fashion. Create a single user account (I'll reference this account as ROOT) that has access to all the tables my applications will use. Create a table for storage of...

PHP

5463

Cannot use mail() in IE, only works in a debugger--help

by: baustin75 | last post by:

Posted: Mon Oct 03, 2005 1:41 pm Post subject: cannot mail() in ie only when debugging in php designer 2005 -------------------------------------------------------------------------------- Hello, I have a very simple problem but cannot seem to figure it out. I have a very simple php script that sends a test email to myself. When I debug it in PHP designer, it works with no problems, I get the test email. If

PHP

4636

help, button has to be clicked twice?

by: Zelin Lu | last post by:

Hello, All I am building two user controls and dynamicly load one them into a PlaceHolder. But the button on the user control doesn't work fine. I need to click twice to fire the event? Anybody could help me? Thank you very much

C# / C Sharp

2305

sqlserver connection - need help desperately!

by: peshekeedweller | last post by:

Using asp.net 1.1. vb.net 2003. I am trying to connect to a remote sql server 2000 on a virtual machine running windows 2000 server. I can connect through the server explorer in visual studio, but cannot connect through code. I have done it before and can not do it now; I don't know what changed. (I also cannot connect to local Access database through code though I can from server explorer.) The code is: conn = New SqlConnection("data...

ASP.NET

1322

Authentication help.

by: archana | last post by:

Hi all I am new to asp.net. I want to implement authentication in all pages. What i want to do is validate user from database table. So currently what i am doing is on login page validating user and storing valid user id in sesstion. On every page i am checking userid from session.. But i don't want to behavirour. what i want is to provide authentication to all pages once not on every page .

ASP.NET

6129

Please help: Losing Request Scope Variable Values

by: chromis | last post by:

Hi there, I've recently been updating a site to use locking on application level variables, and I am trying to use a commonly used method which copies the application struct into the request scope. Application variables are then accessed in this manner Request.App.<Var>. To begin with I had a simple functioning login system inside a subdirectory named admin, this subdirectory had it's own application.cfm, I wasn't sure whether to duplicate...

ColdFusion

8397

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

8310

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

8503

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

7333

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

6167

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

5632

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

2731

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp

1957

How to add payments to a PHP MySQL app.

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP

1620

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General