SQL Server Forums
Profile | Register | Active Topics | Members | Search | Forum FAQ
 
Register Now and get your question answered!
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 SQL Server 2000 Forums
 SQL Server Administration (2000)
 NT Groups or Application Roles
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

clarkbaker1964
Constraint Violating Yak Guru

USA
428 Posts

Posted - 12/10/2004 :  15:06:36  Show Profile  Visit clarkbaker1964's Homepage  Reply with Quote
I have an application with 31 users, this application needs to access 7 servers and 45+ databases...
Currently we are using an Application account, this however means we are hardcoding the password in the app.

I'm struggling with creating an NT Group and then granting permissions to that group within each server and database or do I maintain all NT ids in SQL and add them to roles...

Help appreciated... This is the first of many such apps where I would like to move to NT Security

tkizer
Almighty SQL Goddess

USA
37157 Posts

Posted - 12/10/2004 :  16:17:55  Show Profile  Visit tkizer's Homepage  Reply with Quote
You would create an NT group in Active Directory. Then add their accounts to it. Then add this group to each SQL Server. Then add the group to the database role, which should already exist.

Tara
Go to Top of Page

clarkbaker1964
Constraint Violating Yak Guru

USA
428 Posts

Posted - 12/10/2004 :  16:58:28  Show Profile  Visit clarkbaker1964's Homepage  Reply with Quote
That was the bend I was considering... I feel better about this approach given it comes from you thank you!!!

Go to Top of Page

derrickleggett
Pointy Haired Yak DBA

USA
4184 Posts

Posted - 12/11/2004 :  12:00:01  Show Profile  Visit derrickleggett's Homepage  Send derrickleggett an AOL message  Send derrickleggett a Yahoo! Message  Reply with Quote
That's the security model we use here also clark.

Users--->AD Group---->SQL Server Role---->Grant Statements

You can then change anything from the AD Group on back without having to redo your permissions, which are mapped only to the SQL Server Roles. It's helped us a lot in our security audits with SOX.

MeanOldDBA
derrickleggett@hotmail.com

When life gives you a lemon, fire the DBA.
Go to Top of Page

jen
Flowing Fount of Yak Knowledge

Sweden
4110 Posts

Posted - 12/13/2004 :  01:40:07  Show Profile  Send jen a Yahoo! Message  Reply with Quote
fyi, this will only work if users are members of the domain and have domain accounts


--------------------
keeping it simple...
Go to Top of Page

derrickleggett
Pointy Haired Yak DBA

USA
4184 Posts

Posted - 12/14/2004 :  19:23:00  Show Profile  Visit derrickleggett's Homepage  Send derrickleggett an AOL message  Send derrickleggett a Yahoo! Message  Reply with Quote
That's not exactly true. You can also use local accounts on the app/web servers. You have to setup the same usernames and passwords on the database server. You then grant the local/user access in the SQL Server and database.

MeanOldDBA
derrickleggett@hotmail.com

When life gives you a lemon, fire the DBA.
Go to Top of Page

jen
Flowing Fount of Yak Knowledge

Sweden
4110 Posts

Posted - 12/14/2004 :  21:56:34  Show Profile  Send jen a Yahoo! Message  Reply with Quote
quote:
Originally posted by derrickleggett

That's not exactly true. You can also use local accounts on the app/web servers. You have to setup the same usernames and passwords on the database server. You then grant the local/user access in the SQL Server and database.

MeanOldDBA
derrickleggett@hotmail.com

When life gives you a lemon, fire the DBA.



for nt accounts? really? i have to check this out, thanks for the info.

--------------------
keeping it simple...
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
SQL Server Forums © 2000-2009 SQLTeam Publishing, LLC Go To Top Of Page
This page was generated in 0.06 seconds. Powered By: Snitz Forums 2000