Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

First SQL Database Expand / Collapse
Author
Message
Posted Friday, March 6, 2009 7:46 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Monday, March 9, 2009 8:14 AM
Points: 6, Visits: 11
Hi
Apologies is this seems like a very basic question! I am new to sql having worked in access for the last few years.
I've setup a new sql database by upsizing my access database. I know need to connect to it from my web application, I'm planning to use a dsn string.
My question is do I need to setup a specific user account for my database so I can use this username and pw in my string? How would I go about doing this and what permissions would I need to set?
Many thanks
Post #670218
Posted Friday, March 6, 2009 8:13 AM


SSCarpal Tunnel

SSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal Tunnel

Group: General Forum Members
Last Login: Today @ 10:04 AM
Points: 4,468, Visits: 10,814
I would create a low permission user (low means as few as possibile), with windows authentication.
If you use a DSN entry, I'm not sure you can use NT authentication, so maybe you'll need to switch to a SQL user.

Your question is quite generic, so with that little information this is the best I can do.

Regards
Gianluca


--
Gianluca Sartori

How to post T-SQL questions
spaghettidba.com
@spaghettidba
Post #670257
Posted Friday, March 6, 2009 9:16 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: 2 days ago @ 6:55 AM
Points: 2,361, Visits: 6,750
First you will have to create a login and then grant access to DB that the user will connect. It can be a windows user or SQL User depending on your choice of connection.
Once that is done, give access to execute the Stored procs that you have created.
Those are the basic things that we can advice you with the limited info you provided.


-Roy
Post #670351
Posted Friday, March 6, 2009 9:57 AM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: 2 days ago @ 1:09 PM
Points: 13,872, Visits: 9,597
Your connection string can either have a specific username and password in it, or it can use integrated security (Windows security). I haven't set one up in a while, but I think it's something about "trusted connection=yes" or something like that.

The disadvantage to including the username and password in the connection string is that this can then be captured pretty easily and used to hack your database. Of course, if it's connecting from a web server on your LAN to a database server on the same LAN, it's unlikely to be hacked that way. It's mainly an issue if the application will ever be used from a desktop machine.


- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Post #670414
Posted Saturday, March 7, 2009 10:14 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Monday, March 9, 2009 8:14 AM
Points: 6, Visits: 11
Hi
Thanks for the help. I have setup a SQL user and granted access for that user to the database.
I'm not sure what permissions I need to set for this user or how I give access to execute the stored procs, could you tell me how I would do this?
Many thanks
Post #670922
Posted Saturday, March 7, 2009 10:17 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: 2 days ago @ 6:55 AM
Points: 2,361, Visits: 6,750
Kerry,
Are you going to use only Stored Procs from your App? If so then you can give permission to execute to each seperate sp.

Grant execute on STOREDPROCNAME to USERYOUCREATED


-Roy
Post #670923
Posted Saturday, March 7, 2009 10:33 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Monday, March 9, 2009 8:14 AM
Points: 6, Visits: 11
Hi
Thanks very much for the help - it's all working now
Post #670930
Posted Saturday, March 7, 2009 10:48 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 4:13 PM
Points: 31,214, Visits: 15,660
Kerry,

A couple things. First I edited the subject so as not to disclose your email. I'd be wary of that.

Second, I'd create a role. Right click Roles, new role, and then GRANT permissions to the role. Add the user to the role and you'll be able to then "duplicate" the permissions with other users if needed.







Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #670939
Posted Saturday, March 7, 2009 10:53 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Monday, March 9, 2009 8:14 AM
Points: 6, Visits: 11
OK thank you for the help - I didn't mean to put my email here but wasn't sure how to change it.
Post #670942
Posted Monday, March 9, 2009 8:07 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Tuesday, October 21, 2014 7:28 AM
Points: 5,584, Visits: 6,380
One thing not previously mentioned, which happens in our environment all the time. If you have procs constantly added to the database which the client needs to use and this database is soley dedicated to this one purpose alone, then you can grant execute on the Schema instead of granting execute on individual procs.

WARNING: Re-read the above caveats before using this code! It can create security issues if you grant it on the wrong database or grant it without knowing the consequences!

Grant Execute on Schema::dbo to [MySQLLogin];

Of course "dbo" would be replaced with the schema name and if you're using a windows login, chances are "MYSQLLogin" would be changed to "MyDomain\MyLogin".

The great thing about this, if you have a dedicated environment, is you're not constantly running back and forth to grant permissions on new procs. On the other hand, as I said above, this can open up a whole can of security worms if you're not careful when and where you use it.


Brandie Tarvin, MCITP Database Administrator

Webpage: http://www.BrandieTarvin.net
LiveJournal Blog: http://brandietarvin.livejournal.com/
On LinkedIn!, Google+, and Twitter.

Freelance Writer: Shadowrun
Latchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.
Post #671516
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse