Jens (Je**@sqlserver2005.de) writes:
SQL Server login controls the login to the server and does the
authentication of the users and the autorization on server level (e.g.
for server roles). The database logins and mapped users are for
authorization within the database. YOu need to first have a user
created on server level and grant him permissions to connect to the
server to authorize him in the database.
In SQL 2005, you can create database users that does not have logins.
This is useful in a couple of situations. One is when you use certificates
or EXECUTE AS to create a customer permissions. Another is when the
application authenticates the users outside SQL Server and logs into
SQL Server with the same login for all user. The application can then
do EXECUTE AS on the database users, so once there it works like a normal
application. But since the users are locked out from SQL Server, they
can do no harm if they get query tool in their hands.
--
Erland Sommarskog, SQL Server MVP,
es****@sommarskog.se
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/pro...ads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinf...ons/books.mspx