June 17, 2009 at 11:28 am
I am a novice admin. I have a new instance of sqlserver 2005 installed and I want to begin with a naming convention that is scalable. Admin users have accounts in our Active Directory. If I create logins for the admins using their Active Directory login, what should I use as a name for the associated user accounts? Also, for other account that use SqlServer Auth, should the login names be the same as the user names? Examples would be helpful. Thanks, Mike
June 17, 2009 at 11:47 am
If you're creating AD accounts, you dont need to create seperate user ids for accessing databases. They'll use windows authetication to login to the server and then access databases as per associated rights for each user.
For Sql authentication login names and user ids need not be same but it'd be better if they're same for better manageability.
June 17, 2009 at 11:48 am
I did find this link helpful but would still like some feedback.
http://www.sqlservercentral.com/articles/Naming+Standards/codingstandardspart1/677/
June 17, 2009 at 11:54 am
Pradeep,
ps (6/17/2009)
If you're creating AD accounts, you dont need to create seperate user ids for accessing databases. They'll use windows authetication to login to the server and then access databases as per associated rights for each user.
I don't have access to the Active Directory. Another department handles that. So in this case I think I would need to create user accounts, right?
For Sql authentication login names and user ids need not be same but it'd be better if they're same for better manageability.
Ok. Thanks. Mike
June 17, 2009 at 12:04 pm
mike-g (6/17/2009)
Pradeep,ps (6/17/2009)
If you're creating AD accounts, you dont need to create seperate user ids for accessing databases. They'll use windows authetication to login to the server and then access databases as per associated rights for each user.I don't have access to the Active Directory. Another department handles that. So in this case I think I would need to create user accounts, right?
No still you dont need to create user accounts.
you'll need to grant permisssion to the NT ID to access the db(u'd obviously which NT ID requires permission to access the db).
http://msdn.microsoft.com/en-us/library/aa905171(SQL.80).aspx"> http://msdn.microsoft.com/en-us/library/aa905171(SQL.80).aspx
http://msdn.microsoft.com/en-us/library/ms173449(SQL.90).aspx"> http://msdn.microsoft.com/en-us/library/ms173449(SQL.90).aspx
Go through these links for better understanding of windows authentication.
June 17, 2009 at 2:10 pm
Pradeep,
Thanks for the links. I did read through them but still don't completely understand what I need to do.
I've created a login on sqlserver using an Active Directory account but am not sure if I need to do that and if so, now I don't know how to manage the user account on sqlserver for the Active Directory login account.
Thanks again, Mike
June 17, 2009 at 3:18 pm
mike-g (6/17/2009)
I am a novice admin. I have a new instance of sqlserver 2005 installed and I want to begin with a naming convention that is scalable. Admin users have accounts in our Active Directory. If I create logins for the admins using their Active Directory login, what should I use as a name for the associated user accounts? Also, for other account that use SqlServer Auth, should the login names be the same as the user names? Examples would be helpful. Thanks, Mike
I think this is a personal preference. With both domain logins or SQL logins, you can make the database user name the same as the login name or make them different. I've found it's easier for me to associate them visually if they're the same.
Greg
June 18, 2009 at 12:10 am
mike-g (6/17/2009)
Pradeep,Thanks for the links. I did read through them but still don't completely understand what I need to do.
I've created a login on sqlserver using an Active Directory account but am not sure if I need to do that and if so, now I don't know how to manage the user account on sqlserver for the Active Directory login account.
Thanks again, Mike
For every NT ID who wants to access the database, you need to create logins. to grant access to a specific database, you expand databases in the SSMS, expand a database, expand security, click on users and add the user there(windows authentication).
Suppose domain name is domain1 and user NT ID is pksingh
1. to grant access to server for this NT ID u write something like this.
create login [domain1\pksingh] from windows
See example D at http://msdn.microsoft.com/en-us/library/ms189751(SQL.90).aspx
This url shows how to create a windows login from SSMS http://msdn.microsoft.com/en-us/library/aa337562.aspx
once u've created a login, next step is to create a user on a database.
2. This URL helps u to create a user if from SSMS http://msdn.microsoft.com/en-us/library/aa337545.aspx
For windows authentication, your users do not need to supply any password anywhere. They just need to select Windows Authetication and they can login to the server.
June 18, 2009 at 6:40 am
Greg,
I agree. I am going to name both logins/users with the same name.
Thanks. Mike
June 21, 2009 at 12:54 am
If you have a number of users who need the same access, you can create an NT group and give the acces son SQL Server to the group, which is much better than trying to manage large numbers of individual users. If your NT groups are managed properly, this also takes care of removing ID's when someone changes jobs or leaves the company. We try to keep individual logins to a minimum on our servers, preferring to use groups.
Viewing 10 posts - 1 through 9 (of 9 total)
You must be logged in to reply to this topic. Login to reply