Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
Author |
Topic |
clarkbaker1964
Constraint Violating Yak Guru
428 Posts |
Posted - 2004-12-10 : 15:06:36
|
I have an application with 31 users, this application needs to access 7 servers and 45+ databases...Currently we are using an Application account, this however means we are hardcoding the password in the app.I'm struggling with creating an NT Group and then granting permissions to that group within each server and database or do I maintain all NT ids in SQL and add them to roles... Help appreciated... This is the first of many such apps where I would like to move to NT Security |
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2004-12-10 : 16:17:55
|
You would create an NT group in Active Directory. Then add their accounts to it. Then add this group to each SQL Server. Then add the group to the database role, which should already exist.Tara |
|
|
clarkbaker1964
Constraint Violating Yak Guru
428 Posts |
Posted - 2004-12-10 : 16:58:28
|
That was the bend I was considering... I feel better about this approach given it comes from you thank you!!! |
|
|
derrickleggett
Pointy Haired Yak DBA
4184 Posts |
Posted - 2004-12-11 : 12:00:01
|
That's the security model we use here also clark.Users--->AD Group---->SQL Server Role---->Grant StatementsYou can then change anything from the AD Group on back without having to redo your permissions, which are mapped only to the SQL Server Roles. It's helped us a lot in our security audits with SOX.MeanOldDBAderrickleggett@hotmail.comWhen life gives you a lemon, fire the DBA. |
|
|
jen
Master Smack Fu Yak Hacker
4110 Posts |
Posted - 2004-12-13 : 01:40:07
|
fyi, this will only work if users are members of the domain and have domain accounts--------------------keeping it simple... |
|
|
derrickleggett
Pointy Haired Yak DBA
4184 Posts |
Posted - 2004-12-14 : 19:23:00
|
That's not exactly true. You can also use local accounts on the app/web servers. You have to setup the same usernames and passwords on the database server. You then grant the local/user access in the SQL Server and database.MeanOldDBAderrickleggett@hotmail.comWhen life gives you a lemon, fire the DBA. |
|
|
jen
Master Smack Fu Yak Hacker
4110 Posts |
Posted - 2004-12-14 : 21:56:34
|
quote: Originally posted by derrickleggett That's not exactly true. You can also use local accounts on the app/web servers. You have to setup the same usernames and passwords on the database server. You then grant the local/user access in the SQL Server and database.MeanOldDBAderrickleggett@hotmail.comWhen life gives you a lemon, fire the DBA.
for nt accounts? really? i have to check this out, thanks for the info.--------------------keeping it simple... |
|
|
|
|
|