473,406 Members | 2,745 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > microsoft sql server > questions > help with the security/login/user area of operations

Join Bytes to post your question to a community of 473,406 software developers and data experts.

Help with the Security/Login/User area of operations

Currently studying for 70-229.

I'm trying to understand how security for users is managed in SQL
Server. I've been using SQL Server for a few years now, but without
investigating the bits that "just work".

So, here's the scenario. This is more or less how I create all my
applications (which these days are all ASP.NET).

I have a database called "TESTDB" (original, huh?)

Now, I want to create a method for users to access this database, so I
open EM, locate and expand the node for the server containing the
database, and open the "Security" node. Click on the "Logins" leaf,
and in the pane right-click and select "New Login.."

On the "General" tab I enter "TESTDBLOGIN" as the Name.

Select "SQL Server Authentication", and put in a password.

In the drop-down list of databases select "TESTDBLOGIN"

Ignoring the "Server Roles" tab, I go to the "Database Access" tab and
scroll down until I can see the "TESTDB" database. Check the "Permit"
checkbox, and lo!, the "Database Roles for TESTDB" list is populated,
with "public" already ticked. I check the "db_owner" box, and press
"OK". It asks me to confirm the password, and once that's done there's
a new login called TESTDBLOGIN. What's more in "Users" leaf in the
"TESTDB" database node there's a new user called "TESTDBLOGIN".

All well and good. I can now create a connection using this login and
do more or less what I want in the TESTDB database.

But.

If I click the "Users" leaf in the "TESTDB" node, there are two users -
"dbo" and "TESTDBLOGIN". If I right-click the "TESTDBLOGIN" user, I
can see that it has Database Role Memberships for the "public" and the
"db_owner" roles. But if I examine the permissions on these two roles
(by selecting the row, and then pressing the "Permissions" button) I
find that there are permissions set for EITHER role - all the check
boxes are blank!

So, how is it that I can do SELECT, UPDATE, INSERT and DELETE
operations via this login/user?

Sorry it all took so long - I just wanted to get it right.

Thanks

Edward
--
The reading group's reading group:
http://www.bookgroup.org.uk

Jul 23 '05 #1
3 4447
Edward,

Our Financial system has that configuration.

Using your example: TESTDB is a user that is granted the db_owner role but
TESTDB is not the dbo of the database/table.

Under User Properties you see TESTDB as granted to public/db_owner checked.

But if you choose Permissions you see nothing checked.

If you look above the window grid you see 'List only objects with
permissions for this user'. If you click this I will bet you have nothing
in your grid.

TESTDB has inherited the permissions based on the role you have given them
(in this case db_owner).

IF you provided a permission (like exclude DELETE on a specific table) then
this would show as checked in permissions.

The permissions is the exception to what the role has given.

I tried to communicate this the best I could...sorry if it is a bit choppy.

Jeff

--
Message posted via http://www.sqlmonster.com
Jul 23 '05 #2
(te********@hotmail.com) writes:
If I click the "Users" leaf in the "TESTDB" node, there are two users -
"dbo" and "TESTDBLOGIN". If I right-click the "TESTDBLOGIN" user, I
can see that it has Database Role Memberships for the "public" and the
"db_owner" roles. But if I examine the permissions on these two roles
(by selecting the row, and then pressing the "Permissions" button) I
find that there are permissions set for EITHER role - all the check
boxes are blank!

So, how is it that I can do SELECT, UPDATE, INSERT and DELETE
operations via this login/user?

Sorry it all took so long - I just wanted to get it right.


If I understood this correctly, this user belongs to the db_owner role.
In this case he has permissions to do anything in the database.
--
Erland Sommarskog, SQL Server MVP, es****@sommarskog.se

Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techinf...2000/books.asp
Jul 23 '05 #3


Erland Sommarskog wrote:
(te********@hotmail.com) writes:
If I click the "Users" leaf in the "TESTDB" node, there are two users -
"dbo" and "TESTDBLOGIN". If I right-click the "TESTDBLOGIN" user, I
can see that it has Database Role Memberships for the "public" and the
"db_owner" roles. But if I examine the permissions on these two roles
(by selecting the row, and then pressing the "Permissions" button) I
find that there are permissions set for EITHER role - all the check
boxes are blank!

So, how is it that I can do SELECT, UPDATE, INSERT and DELETE
operations via this login/user?

Sorry it all took so long - I just wanted to get it right.


If I understood this correctly, this user belongs to the db_owner role.
In this case he has permissions to do anything in the database.


Thanks for this. I suppose it's pretty obvious when you think about
it, but the permissions for db_owner are not explicity spelled out in
the book I am following. Also, I don't really understand why the
Permissions properties for the user aren't filled in (when you press
the "Permissions" button), but that's a side issue.

Thanks again.

Edward

Jul 23 '05 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
Session Security
by: bonehead | last post by:
I'm still a novice when it comes to session security issues. The problems I'm trying to solve may be fairly common, but I haven't seen examples of solutions in any of the books I've looked at. I...
PHP
1
Help on ASP routine
by: Caliangelas | last post by:
Hello, I need a routine to check for a number called CPF (just like Social Security Number in USA). I already have a validation routine for that number, but I still need to check if it exists on...
ASP / Active Server Pages
18
Help - Secure page by remembering user?
by: | last post by:
Please help. After a number of wrong turns and experiments I need advice on login management system to secure our web pages without inconveniencing our visitors or our internal staff. What I...
ASP / Active Server Pages
5
Security design questions
by: Wescotte | last post by:
I'm currently working on desiging several web based applications that would be grouped into a larger web based menu system. However I'm not sure exactly how to go about making it as secure as...
PHP
8
Cannot use mail() in IE, only works in a debugger--help
by: baustin75 | last post by:
Posted: Mon Oct 03, 2005 1:41 pm Post subject: cannot mail() in ie only when debugging in php designer 2005 -------------------------------------------------------------------------------- ...
PHP
8
help, button has to be clicked twice?
by: Zelin Lu | last post by:
Hello, All I am building two user controls and dynamicly load one them into a PlaceHolder. But the button on the user control doesn't work fine. I need to click twice to fire the event? ...
C# / C Sharp
16
sqlserver connection - need help desperately!
by: peshekeedweller | last post by:
Using asp.net 1.1. vb.net 2003. I am trying to connect to a remote sql server 2000 on a virtual machine running windows 2000 server. I can connect through the server explorer in visual studio,...
ASP.NET
5
Authentication help.
by: archana | last post by:
Hi all I am new to asp.net. I want to implement authentication in all pages. What i want to do is validate user from database table. So currently what i am doing is on login page validating...
ASP.NET
5
Please help: Losing Request Scope Variable Values
by: chromis | last post by:
Hi there, I've recently been updating a site to use locking on application level variables, and I am trying to use a commonly used method which copies the application struct into the request...
ColdFusion
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!