SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


First SQL Database


First SQL Database

Author
Message
kerry-1033178
kerry-1033178
Grasshopper
Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)

Group: General Forum Members
Points: 22 Visits: 11
Hi
Apologies is this seems like a very basic question! I am new to sql having worked in access for the last few years.
I've setup a new sql database by upsizing my access database. I know need to connect to it from my web application, I'm planning to use a dsn string.
My question is do I need to setup a specific user account for my database so I can use this username and pw in my string? How would I go about doing this and what permissions would I need to set?
Many thanks
Gianluca Sartori
Gianluca Sartori
SSChampion
SSChampion (12K reputation)SSChampion (12K reputation)SSChampion (12K reputation)SSChampion (12K reputation)SSChampion (12K reputation)SSChampion (12K reputation)SSChampion (12K reputation)SSChampion (12K reputation)

Group: General Forum Members
Points: 12520 Visits: 13351
I would create a low permission user (low means as few as possibile), with windows authentication.
If you use a DSN entry, I'm not sure you can use NT authentication, so maybe you'll need to switch to a SQL user.

Your question is quite generic, so with that little information this is the best I can do.

Regards
Gianluca

--Gianluca Sartori

How to post T-SQL questions
spaghettidba.com
@spaghettidba
Roy Ernest
Roy Ernest
SSCarpal Tunnel
SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)

Group: General Forum Members
Points: 4762 Visits: 6870
First you will have to create a login and then grant access to DB that the user will connect. It can be a windows user or SQL User depending on your choice of connection.
Once that is done, give access to execute the Stored procs that you have created.
Those are the basic things that we can advice you with the limited info you provided.

-Roy
GSquared
GSquared
SSC-Dedicated
SSC-Dedicated (30K reputation)SSC-Dedicated (30K reputation)SSC-Dedicated (30K reputation)SSC-Dedicated (30K reputation)SSC-Dedicated (30K reputation)SSC-Dedicated (30K reputation)SSC-Dedicated (30K reputation)SSC-Dedicated (30K reputation)

Group: General Forum Members
Points: 30143 Visits: 9730
Your connection string can either have a specific username and password in it, or it can use integrated security (Windows security). I haven't set one up in a while, but I think it's something about "trusted connection=yes" or something like that.

The disadvantage to including the username and password in the connection string is that this can then be captured pretty easily and used to hack your database. Of course, if it's connecting from a web server on your LAN to a database server on the same LAN, it's unlikely to be hacked that way. It's mainly an issue if the application will ever be used from a desktop machine.

- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
kerry-1033178
kerry-1033178
Grasshopper
Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)

Group: General Forum Members
Points: 22 Visits: 11
Hi
Thanks for the help. I have setup a SQL user and granted access for that user to the database.
I'm not sure what permissions I need to set for this user or how I give access to execute the stored procs, could you tell me how I would do this?
Many thanks
Roy Ernest
Roy Ernest
SSCarpal Tunnel
SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)

Group: General Forum Members
Points: 4762 Visits: 6870
Kerry,
Are you going to use only Stored Procs from your App? If so then you can give permission to execute to each seperate sp.

Grant execute on STOREDPROCNAME to USERYOUCREATED

-Roy
kerry-1033178
kerry-1033178
Grasshopper
Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)

Group: General Forum Members
Points: 22 Visits: 11
Hi
Thanks very much for the help - it's all working now :-)
Steve Jones
Steve Jones
SSC Guru
SSC Guru (81K reputation)SSC Guru (81K reputation)SSC Guru (81K reputation)SSC Guru (81K reputation)SSC Guru (81K reputation)SSC Guru (81K reputation)SSC Guru (81K reputation)SSC Guru (81K reputation)

Group: Administrators
Points: 81605 Visits: 19210
Kerry,

A couple things. First I edited the subject so as not to disclose your email. I'd be wary of that.

Second, I'd create a role. Right click Roles, new role, and then GRANT permissions to the role. Add the user to the role and you'll be able to then "duplicate" the permissions with other users if needed.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
kerry-1033178
kerry-1033178
Grasshopper
Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)

Group: General Forum Members
Points: 22 Visits: 11
OK thank you for the help - I didn't mean to put my email here but wasn't sure how to change it.
Brandie Tarvin
Brandie Tarvin
SSCoach
SSCoach (19K reputation)SSCoach (19K reputation)SSCoach (19K reputation)SSCoach (19K reputation)SSCoach (19K reputation)SSCoach (19K reputation)SSCoach (19K reputation)SSCoach (19K reputation)

Group: General Forum Members
Points: 19621 Visits: 9102
One thing not previously mentioned, which happens in our environment all the time. If you have procs constantly added to the database which the client needs to use and this database is soley dedicated to this one purpose alone, then you can grant execute on the Schema instead of granting execute on individual procs.

WARNING: Re-read the above caveats before using this code! It can create security issues if you grant it on the wrong database or grant it without knowing the consequences!


Grant Execute on Schema::dbo to [MySQLLogin];



Of course "dbo" would be replaced with the schema name and if you're using a windows login, chances are "MYSQLLogin" would be changed to "MyDomain\MyLogin".

The great thing about this, if you have a dedicated environment, is you're not constantly running back and forth to grant permissions on new procs. On the other hand, as I said above, this can open up a whole can of security worms if you're not careful when and where you use it.

Brandie Tarvin, MCITP Database AdministratorLiveJournal Blog: http://brandietarvin.livejournal.com/On LinkedIn!, Google+, and Twitter.Freelance Writer: ShadowrunLatchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search