Questions on "Application Role"

  • I read some documentation on using this feature and would like to confirm that every user (including sysadmin users) will be treated the same way when he/she connects to the database by this role.

    And, if somebody captures the name and password of this application role illegally, can he log into the database through other client tools by activating this role using the sp_setapprole system stored procedure from the command line (just like the application does)?

    Thanks in advance.

    Judy

  • If someone activates the role, then they are treated the same. I believe you'd need to disconnect and reconnect to change this.

    If someone does steal the pwd, then they could activate this role from QA, Access, etc.

  • Yes, in a nutshell, when an application role is activated, the user/login "becomes" the application role. The login/user identity and any other permissions or rights are essentially lost.

    And as far as re-use of the application role, if the application allows you to execute an SQL command, you can activate the application role and gain whatever access it has, provided you first have access to the database.

    K. Brian Kelley
    @kbriankelley
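
The behaviour described in the replies above, as an added T-SQL example that is not part of the original posts. It assumes SQL Server 2005 or later (for the cookie option and `sp_unsetapprole`); `SalesDb`, `SalesApp`, `dbo.Orders` and the password are hypothetical placeholders.

```sql
-- Added example; all object names and the password are constructed placeholders.
USE SalesDb;
GO

-- One-time setup by an administrator: the role carries the application's permissions.
CREATE APPLICATION ROLE SalesApp WITH PASSWORD = '<Placeholder-Passw0rd-change-me>';
GRANT SELECT ON dbo.Orders TO SalesApp;
GO

-- 1. Identity before activation: the database user mapped to the connecting login
--    (dbo when the login is a sysadmin).
SELECT USER_NAME() AS db_user_before;

-- 2. Activate the role. Any client that can run T-SQL in this database and knows
--    the password can do this; the role is not bound to a particular program.
DECLARE @cookie varbinary(8000);
EXEC sys.sp_setapprole
     @rolename      = 'SalesApp',
     @password      = '<Placeholder-Passw0rd-change-me>',
     @fCreateCookie = true,
     @cookie        = @cookie OUTPUT;

-- 3. The session now runs as the application role, regardless of who connected.
SELECT USER_NAME() AS db_user_after;                    -- SalesApp
SELECT permission_name                                  -- permissions the session
FROM   sys.fn_my_permissions('dbo.Orders', 'OBJECT');   -- now holds on the table

-- 4. Return to the original security context using the cookie from step 2.
--    Without a cookie, the role stays active until the connection is closed.
EXEC sys.sp_unsetapprole @cookie;
SELECT USER_NAME() AS db_user_reverted;
GO
```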

  • Thanks to both of you for your helpful information. Have a great new year.  -- Judy
