Assume I use Integrated Security. I have two windows accounts one account
Tony that I use when logging in to the machine and the other is ASPNET that
IIS is using.
Now to my question will these two windows account(Tony and ASPNET) have the
same access rights to Sql Server ?
I mean that every windows account that you use with Integrated Secirity have
full right to Sql Server.
If not how can you control these accounts(Tony and ASPNET) in Sql Server
when none of these two account exist in sql server.
//Tony
Patterns & Practices ASP.NET security guidance
http://msdn.microsoft.com/en-us/library/ms954801.aspx
The ADO.NET Security documentation
http://msdn.microsoft.com/en-us/library/bb669074.aspx has links to
related topics in SQL BOL which will help with the details on the
server side. Sometimes it's hard ferreting out what you need, this
ties it together for you.
--Mary
--
Erland Sommarskog, SQL Server MVP, esq...@sommarskog.se
Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
SQL 2000: http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
I want to test this.
Create a user account that use Windows authentication that doesn't have
access to Sql Server.
Can somebody help me to guide me how I can do this ?
//Tony
"Erland Sommarskog" <esq...@sommarskog.se> skrev i meddelandet
news:Xns9CE9F38BE...@127.0.0.1...
Well, starting SSMSE is not strange - that's just another applicaiton.
> I can also list data from the Customer table in the Northwind database
> using a SqlDataSource and a DataGrid. I just tested to create a new user
> with name Test and added this user to the Guest group and this worked
> perfect.
>
> I want to test this.
> Create a user account that use Windows authentication that doesn't have
> access to Sql Server.
> Can somebody help me to guide me how I can do this ?
Could you run this query and post the results:
SELECT name FROM sys.server_principals WHERE type IN ('U', 'G')
//Tony
"Erland Sommarskog" <esq...@sommarskog.se> skrev i meddelandet
news:Xns9CEAE693D...@127.0.0.1...
To test "denying access" of Windows Account you will need to execute the
following in SQL Server 2005 express:
DENY CONNECT SQL TO <Windows Account Name>
Try that and let us know how that worked for you.
Brett
http://www.lockergnome.com/sqlsquirrel/
"Tony Johansson" wrote:
> .
>