Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 General SQL Server Forums
 New to SQL Server Administration
 serious problem in linked server security

Author  Topic 

m.esteghamat
Starting Member

47 Posts

Posted - 2012-10-29 : 04:42:45
Hi
I created a linked server.
---------------------------------
type : sql server
local Login : login1
Remote user & remote password : (Case 1 : empty - Case 2 : = login1)
be made using this sequrity content : login1 passlogin1
---------------------------------
Problem :
Any login in server1 (that server has linked server) has all access on linked server (all databases on it)!!!!!!
that means : if any user with least access, knows only knows linked server name and a database name on it, it can select any data from that database whitout any formal access.
please help me. I should protect linked server data, from local user in server1.
thank you.

visakh16
Very Important crosS Applying yaK Herder

52326 Posts

Posted - 2012-10-29 : 10:17:44
depends on whats the credential to which users are mapped into in linked server

------------------------------------------------------------------------------------------------------
SQL Server MVP
http://visakhm.blogspot.com/

Go to Top of Page

m.esteghamat
Starting Member

47 Posts

Posted - 2012-10-31 : 03:11:36
that was very short, Please desc it more.
Go to Top of Page

m.esteghamat
Starting Member

47 Posts

Posted - 2012-11-11 : 05:20:43
Hi again
How do I control mapped user to linked server?
Go to Top of Page

Bustaz Kool
Master Smack Fu Yak Hacker

1834 Posts

Posted - 2012-11-13 : 18:35:38
If you right-click on your linked server inside SSMS and bring up the Properties->Security, there are a variety of ways to limit/define the security. You can define an explicit list of people who can make use of the linked server. You can define an explicit login to use; this login could have few or many rights depending on your objective. You can define it so that each user uses their own security context in wich case the amount of trouble they can get into is limited by the set of rights they have been granted. You can also define it so that they login using no security context. I have no idea what that option actually means.

=================================================
We are far more concerned about the desecration of the flag than we are about the desecration of our land. -Wendell Berry
Go to Top of Page

Lumbago
Norsk Yak Master

3271 Posts

Posted - 2012-11-14 : 06:58:59
I don't see the big problem, why can't you just map the local user to a remote account that has limited privileges...? ->

"For a login not defined in the list above, connections will:"
a) Not be made
b) Be made using this security context

- Lumbago
My blog-> http://thefirstsql.com
Go to Top of Page
   

- Advertisement -