Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
paradise_wolf
Starting Member
32 Posts |
 Posted - 2008-01-17 : 18:37:03
|
| I am developing a web site with asp.net 2.0 and c#, using Visual Studio 2005 and Microsoft SQL Server 2005 ( I am still learning about these technologies and languages ).I transferred my web site files to my NEW computer. The web site worked fine when running inside Visual Studio, however when I tried to run it in its PUBLISHED format it was giving this error message:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Server Error in '/MA' Application. Cannot open database "SiteData" requested by the login. The login failed.Login failed for user 'CENTAURUS\ASPNET'.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~I solved the problem by running SQL Server Management Stdio, right clicking “SiteData” database -> properties -> permissions->view server permissions then I chose “CENTAURUS\ASPNET” and since I DID NOT KNOW what grants are ESSENTIAL for the functioning of the database, I GRANTED EVERYTHING ( I ticked ALL the permissions).But since, probably, a lot of GRANTS are not only unnecessary but also may compromise the security of the web site, I would like to know what are the ESSENTIAL OR MINIMUM GRANTS NECESSARY for making the database functional to the web site and what GRANTS may compromise security. |
|
|
russell
Pyro-ma-ni-yak
5072 Posts |
Posted - 2008-01-17 : 23:42:09
|
| probably just db_datareader and db_datawriter. depends on what your web app does |
 |
|
|
jackv
Master Smack Fu Yak Hacker
2179 Posts |
Posted - 2008-01-18 : 04:16:26
|
| Avoid giving them full SysAdmin rights , if they don't require themJack Vamvas--------------------Search IT jobs from multiple sources- http://www.ITjobfeed.com |
|
|
|
paradise_wolf
Starting Member
32 Posts |
Posted - 2008-01-18 : 05:06:31
|
| Hi Russel and JackI am not sure if you understood what settings I am talking about.The available list of permission grants for the database in the SQL Server Management Studio is enormous so I will list just some of them so you can have a better idea what I am talking about :Alter any connection, Alter any credential, alter any database, alter any event notifgication,Alter any linkede server,Alter any login, Alter settings, Authenticate server,Connect SQL, Control server, create any datbase,shutdown,View any database,View any definition,View server state, etc. So I would like to know what the essential ones are and what should be granted only on exceptional situations. |
|
|
|
russell
Pyro-ma-ni-yak
5072 Posts |
Posted - 2008-01-18 : 09:38:05
|
| those arent database permissions, they are server ones.anyway, the answer still depends on what u need the web app to be allowed to do. it is fairly common to grant read/write permission to the database(s) the site will need to access.you can explicitly grant permissions at the object level as well.in the logins node under security, double-click CENTAURUS\ASPNET then go to the user mapping tab. grant db_datareader on any db that it NEEDS. then either grantr db_datawriter as well, or go to the securables tab and explicitly grant other permissions. This can all be done in T-SQL with GRANT permission statemnents as well.DO NOT grant any of those server permissions u mentioned. |
|
|
|
|
|
|
|
|
ESSENTIAL PERMISSION GRANTS for SQL database