mitchelt
Starting Member
16 Posts |
Posted - 2006-09-21 : 11:57:17
Hi,

When I create a SQL user that will be used for a DSN to connect a web app to the SQL Server does the user under Database Access only need PUBLIC or do they need OWNER also?

The web app allows users to insert/update/delete records.

Thanks!
Mitch

SQLServerDBA_Dan
Aged Yak Warrior
752 Posts |
Posted - 2006-09-21 : 12:42:28
You really should be doing all your DML in sprocs. Then the permissions to the sprocs can be put in a role and the user can be added to that role. There is also a role type that the application can use (application role). Read up on roles and permissions in books online.

Daniel, MCP, A+
SQL Server DBA
www.dallasteam.com

mcrowley
Aged Yak Warrior
771 Posts |
Posted - 2006-09-21 : 15:51:59
In order to set up a DSN, you only need a user with public access to the database. No special read or update permissions are required to set up the DSN.

mitchelt
Starting Member
16 Posts |
Posted - 2006-09-23 : 09:30:31
quote: Originally posted by mcrowley
In order to set up a DSN, you only need a user with public access to the database. No special read or update permissions are required to set up the DSN.

Thanks for the info, I thought they only needed public access.

Thanks!
Mitch

mitchelt
Starting Member
16 Posts |
Posted - 2006-09-23 : 09:31:36
quote: Originally posted by SQLServerDBA_Dan
You really should be doing all your DML in sprocs. Then the permissions to the sprocs can be put in a role and the user can be added to that role. There is also a role type that the application can use (application role). Read up on roles and permissions in books online.

Thanks. I agree but for now the app is not using sprocs, I guess I will create a User with Public access for a DSN.

derrickleggett
Pointy Haired Yak DBA
4184 Posts |
Posted - 2006-09-23 : 16:25:01
At the least you should:

1. Restrict the public user role from having any access except what's absolutely necessary.
   --Refer to www.sqlsecurity.com for an example.
2. Create a new role and add the web app user(s) to it.
3. Grant the new role ONLY the permissions it needs.

This will be a minimal amount of work; and you aren't granting public even more access (you should be going the opposite direction).

MeanOldDBA
derrickleggett@hotmail.com
When life gives you a lemon, fire the DBA.
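
The three steps in the last post, written out as T-SQL in an added example that is not part of the original thread and not any poster's code. The names webapp_user, webapp_rw, dbo.Orders and dbo.AuditLog are hypothetical, and the grant to public is constructed so the audit query has something to report.

```sql
-- Added example. All names are hypothetical: webapp_user, webapp_rw,
-- dbo.Orders, dbo.AuditLog. Run in a scratch database (SQL Server 2005+).
CREATE USER webapp_user WITHOUT LOGIN;   -- stand-in for the DSN's SQL user
CREATE TABLE dbo.Orders   (OrderId int PRIMARY KEY, Item varchar(50));
CREATE TABLE dbo.AuditLog (EntryId int PRIMARY KEY, Note varchar(200));

-- Constructed over-grant, so that step 1 has something to find.
GRANT SELECT, UPDATE ON dbo.AuditLog TO public;

-- Step 1: list what public has been granted on user objects ...
SELECT pe.state_desc, pe.permission_name,
       SCHEMA_NAME(o.schema_id) AS schema_name, o.name AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
JOIN sys.objects              AS o  ON o.object_id     = pe.major_id
WHERE pr.name = 'public' AND pe.class = 1 AND o.is_ms_shipped = 0;

-- ... and revoke whatever the application does not need from that list.
REVOKE SELECT, UPDATE ON dbo.AuditLog FROM public;

-- Step 2: a dedicated role, with the web app user as its member.
-- (On SQL Server 2012 and later, ALTER ROLE ... ADD MEMBER does the same.)
CREATE ROLE webapp_rw;
EXEC sp_addrolemember @rolename = 'webapp_rw', @membername = 'webapp_user';

-- Step 3: grant the role only the DML the app performs, table by table.
GRANT SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO webapp_rw;

-- Check the result from the web app user's own security context.
EXECUTE AS USER = 'webapp_user';
SELECT IS_MEMBER('db_owner') AS in_db_owner,
       HAS_PERMS_BY_NAME('dbo.Orders',   'OBJECT', 'DELETE') AS can_delete_orders,
       HAS_PERMS_BY_NAME('dbo.AuditLog', 'OBJECT', 'SELECT') AS can_read_auditlog;
REVERT;
```

The final query is the check to keep: it should show the user outside db_owner, able to delete from dbo.Orders, and with no access to dbo.AuditLog.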