
Help with the Security/Login/User area of operations

Currently studying for 70-229.

I'm trying to understand how security for users is managed in SQL
Server. I've been using SQL Server for a few years now, but without
investigating the bits that "just work".

So, here's the scenario. This is more or less how I create all my
applications (which these days are all ASP.NET).

I have a database called "TESTDB" (original, huh?)

Now, I want to create a method for users to access this database, so I
open EM, locate and expand the node for the server containing the
database, and open the "Security" node. Click on the "Logins" leaf,
and in the pane right-click and select "New Login.."

On the "General" tab I enter "TESTDBLOGIN" as the Name.

Select "SQL Server Authentication", and put in a password.

In the drop-down list of databases select "TESTDBLOGIN"

Ignoring the "Server Roles" tab, I go to the "Database Access" tab and
scroll down until I can see the "TESTDB" database. Check the "Permit"
checkbox, and lo!, the "Database Roles for TESTDB" list is populated,
with "public" already ticked. I check the "db_owner" box, and press
"OK". It asks me to confirm the password, and once that's done there's
a new login called TESTDBLOGIN. What's more, in the "Users" leaf in the
"TESTDB" database node there's a new user called "TESTDBLOGIN".

All well and good. I can now create a connection using this login and
do more or less what I want in the TESTDB database.

But.

If I click the "Users" leaf in the "TESTDB" node, there are two users -
"dbo" and "TESTDBLOGIN". If I right-click the "TESTDBLOGIN" user, I
can see that it has Database Role Memberships for the "public" and the
"db_owner" roles. But if I examine the permissions on these two roles
(by selecting the row, and then pressing the "Permissions" button) I
find that there are permissions set for EITHER role - all the check
boxes are blank!

So, how is it that I can do SELECT, UPDATE, INSERT and DELETE
operations via this login/user?

Sorry it all took so long - I just wanted to get it right.

Thanks

Edward
--
The reading group's reading group:
http://www.bookgroup.org.uk

Jul 23 '05 #1
Edward,

Our Financial system has that configuration.

Using your example: TESTDB is a user that is granted the db_owner role but
TESTDB is not the dbo of the database/table.

Under User Properties you see TESTDB as granted to public/db_owner checked.

But if you choose Permissions you see nothing checked.

If you look above the window grid you see 'List only objects with
permissions for this user'. If you click this I will bet you have nothing
in your grid.

TESTDB has inherited the permissions based on the role you have given them
(in this case db_owner).

If you provided a permission (like exclude DELETE on a specific table) then
this would show as checked in permissions.

The permissions are the exception to what the role has given.

I tried to communicate this the best I could...sorry if it is a bit choppy.

Jeff

--
Message posted via http://www.sqlmonster.com
Jul 23 '05 #2
(te********@hotmail.com) writes:
> If I click the "Users" leaf in the "TESTDB" node, there are two users -
> "dbo" and "TESTDBLOGIN". If I right-click the "TESTDBLOGIN" user, I
> can see that it has Database Role Memberships for the "public" and the
> "db_owner" roles. But if I examine the permissions on these two roles
> (by selecting the row, and then pressing the "Permissions" button) I
> find that there are permissions set for EITHER role - all the check
> boxes are blank!
>
> So, how is it that I can do SELECT, UPDATE, INSERT and DELETE
> operations via this login/user?
>
> Sorry it all took so long - I just wanted to get it right.

If I understood this correctly, this user belongs to the db_owner role.
In this case he has permissions to do anything in the database.
--
Erland Sommarskog, SQL Server MVP, es****@sommarskog.se

Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techinf...2000/books.asp
Jul 23 '05 #3
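
Added example, not part of the original thread: the T-SQL equivalent of the Enterprise Manager steps in the question, followed by the checks that separate role membership from explicit permissions. It uses SQL Server 2000 system procedures; the password is a placeholder and the table dbo.Orders is hypothetical.

```sql
-- Added example (SQL Server 2000 system procedures); not from the thread.
-- Assumptions: the password is a placeholder, dbo.Orders is a hypothetical table.

-- 1. The Enterprise Manager steps from the question, as T-SQL.
EXEC sp_addlogin @loginame = 'TESTDBLOGIN',
                 @passwd   = '<placeholder-password>',
                 @defdb    = 'TESTDB';
GO
USE TESTDB;
GO
EXEC sp_grantdbaccess @loginame = 'TESTDBLOGIN';        -- creates the database user
EXEC sp_addrolemember @rolename   = 'db_owner',
                      @membername = 'TESTDBLOGIN';
GO

-- 2. Role membership: this is where the user's rights come from.
EXEC sp_helprolemember @rolename = 'db_owner';
EXEC sp_dbfixedrolepermission @rolename = 'db_owner';   -- what the fixed role implies

-- 3. Explicit GRANT/DENY entries for the user, which is what the
--    Permissions grid displays. With nothing granted or denied directly,
--    this reports that there are no matching rows.
EXEC sp_helprotect @username = 'TESTDBLOGIN';

-- 4. Add one explicit exception, as described in reply #2, and look again.
DENY DELETE ON dbo.Orders TO TESTDBLOGIN;
EXEC sp_helprotect @username = 'TESTDBLOGIN';           -- now lists the Deny entry
```

Because rights that come from a fixed role never appear as explicit entries, a review of what an application login can do has to check role membership (step 2) as well as the explicit permissions (step 3).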


Erland Sommarskog wrote:
> (te********@hotmail.com) writes:
>> If I click the "Users" leaf in the "TESTDB" node, there are two users -
>> "dbo" and "TESTDBLOGIN". If I right-click the "TESTDBLOGIN" user, I
>> can see that it has Database Role Memberships for the "public" and the
>> "db_owner" roles. But if I examine the permissions on these two roles
>> (by selecting the row, and then pressing the "Permissions" button) I
>> find that there are permissions set for EITHER role - all the check
>> boxes are blank!
>>
>> So, how is it that I can do SELECT, UPDATE, INSERT and DELETE
>> operations via this login/user?
>>
>> Sorry it all took so long - I just wanted to get it right.
>
> If I understood this correctly, this user belongs to the db_owner role.
> In this case he has permissions to do anything in the database.


Thanks for this. I suppose it's pretty obvious when you think about
it, but the permissions for db_owner are not explicitly spelled out in
the book I am following. Also, I don't really understand why the
Permissions properties for the user aren't filled in (when you press
the "Permissions" button), but that's a side issue.

Thanks again.

Edward

Jul 23 '05 #4
