I have an application with 31 users, this application needs to access 7 servers and 45+ databases... Currently we are using an Application account, this however means we are hardcoding the password in the app.
I'm struggling with creating an NT Group and then granting permissions to that group within each server and database or do I maintain all NT ids in SQL and add them to roles...
Help appreciated... This is the first of many such apps where I would like to move to NT Security
You would create an NT group in Active Directory. Then add their accounts to it. Then add this group to each SQL Server. Then add the group to the database role, which should already exist.
Users--->AD Group---->SQL Server Role---->Grant Statements
You can then change anything from the AD Group on back without having to redo your permissions, which are mapped only to the SQL Server Roles. It's helped us a lot in our security audits with SOX.
That's not exactly true. You can also use local accounts on the app/web servers. You have to setup the same usernames and passwords on the database server. You then grant the local/user access in the SQL Server and database.
That's not exactly true. You can also use local accounts on the app/web servers. You have to setup the same usernames and passwords on the database server. You then grant the local/user access in the SQL Server and database.
NT Groups or Application Roles
Posted - 12/10/2004 : 15:06:36
.
