July 14, 2015 at 1:07 am
Probably asked before and I feel very dumb asking such a basic question. I am a developer not a DBA and I have been asked to look at sql server security.
When one creates a login that uses window authentication, does one then add (by convention) the same user account as a user for each database that that that user needs access to.
I think its possible to link a windows login to another user account. Why would you want to do this?
If my understanding is correct, it seems like double setup having to create a login for windows and then the same user with the same name for each database.
By default a user gets public access to a database. What does public actually give you? If public gives you read and write (if it does) why do you need the roles db_datareader and db_datawriter.
Sorry for such basic questions but googling just gives the same standards stock answers that does not give any real understanding.
July 14, 2015 at 2:53 am
petermaddin (7/14/2015)
When one creates a login that uses window authentication, does one then add (by convention) the same user account as a user for each database that that that user needs access to.
Yes, otherwise the person will not have any access to any DB. It's a security hierarchy. Logins allow you to connect to the server. Database users allow you to access a specific database. Permissions given to the user define what that person can do.
By default a user gets public access to a database. What does public actually give you?
Nothing by default. Ideally never anything. Public shouldn't have any permissions added to it.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply