December 1, 2015 at 11:01 am
I have the following configuration:
ComputerOne:
- SQL Server 2008 R2 Express
- Windows Authorization (user ComputerOne\User1)
- Databases: DbA, DbB, DbC and DbD
ComputerTwo:
- SQL Server 2008 R2 Express
- Windows Authorization (user ComputerTwo\User2)
- Database: DbX
ComputerTwo has access to ComputerOne (and ComputerOne's SQL instance) and I wish it to be able to access ONLY DbC (not DbA, DbB or DbD). I don't mind if it 'sees' the other remote databases, but I don't want it to be able to do *anything* with them)
How can I achieve this?
December 1, 2015 at 11:05 am
Give the login that's used rights to access only the DB that it should be able to see and no other permissions. By default a login has no permissions at all, you grant just the permissions that it needs for the person using it to do their job and no more.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
December 1, 2015 at 11:15 am
GilaMonster (12/1/2015)
Give the login that's used rights to access only the DB that it should be able to see and no other permissions. By default a login has no permissions at all, you grant just the permissions that it needs for the person using it to do their job and no more.
How do I tell the ComputerOne to deny permissiones to a user on ComputerTwo? (remember I'm using Windows Authentication)
Can you give me some pointers as to what I should Deny?
Thanks,
Martin.
December 1, 2015 at 11:18 am
I said nothing about deny, and it's nothing to do with the computers being used.
A login to SQL Server starts with no permissions. So take the login that's being used (you need to check your setup and see what logins are being used to access the instances) and grant that login just access to the DB that you want the user of that login to have access to.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
December 1, 2015 at 11:24 am
GilaMonster (12/1/2015)
I said nothing about deny, and it's nothing to do with the computers being used.A login to SQL Server starts with no permissions. So take the login that's being used (you need to check your setup and see what logins are being used to access the instances) and grant that login just access to the DB that you want the user of that login to have access to.
Very true, Deny was not mentioned, I was winging it!
Ok, so I grant access to the particular login being used. Can you tell me how to find out which login is being used?
Thanks (again!)
Martin.
December 1, 2015 at 11:29 am
Check the application being used to access SQL and see what it's logging in as. If it's Windows Authentication, then it'll be something like <domain>\<logged in user> or <computer>\<logged in user>
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
December 1, 2015 at 11:36 am
Go it!
I'll do the tests tomorrow and post the results here.
Much appreciated!
December 3, 2015 at 5:09 am
That worked just fine, thanks Gail.
Viewing 8 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply