Privileges required for reading available databases (MS SQL Server)
-
Hey friends, I have serveral usergroups in AD and I want each group to have read / write acces to one or more databases in SQL Server. I know how to set the privileges so that each database is accessable by the correct usergroup and not for all other groups, but I don't know how to set permissions required to query SQL Server which databases are accessable for the user currently logged on. I'm using integrated security. Anyone?
.: I love it when a plan comes together :. http://www.zonderpunt.nl
-
Hey friends, I have serveral usergroups in AD and I want each group to have read / write acces to one or more databases in SQL Server. I know how to set the privileges so that each database is accessable by the correct usergroup and not for all other groups, but I don't know how to set permissions required to query SQL Server which databases are accessable for the user currently logged on. I'm using integrated security. Anyone?
.: I love it when a plan comes together :. http://www.zonderpunt.nl
Eduard Keilholz wrote:
I'm using integrated security.
IMHO that is where you are going wrong. AD is both too much and too little to meet application security. We maintain our own user authorisation, especially as we have a 2 day turn around on AD changes. How do you test each group functionality, use different logins for each group X| Users are authenticated via AD and then are given a profile that includes a list of apps they have access to and the functionality they have within the app.
Never underestimate the power of human stupidity RAH
-
Hey friends, I have serveral usergroups in AD and I want each group to have read / write acces to one or more databases in SQL Server. I know how to set the privileges so that each database is accessable by the correct usergroup and not for all other groups, but I don't know how to set permissions required to query SQL Server which databases are accessable for the user currently logged on. I'm using integrated security. Anyone?
.: I love it when a plan comes together :. http://www.zonderpunt.nl