Issue :
Our systems require that every user is registered as an administrator on SQL server. This works fine if you have SQL 7 (or earlier) and are able to add any user name and assign permissions to that user. With certain installations of SQL 2000 (or later editions), only users that are on the same network as the server are allowed to be added as users on the database. This causes our system to malfunction during reporting, since the user needs to be a database owner and have tables created within the database with 'dbo' prefix (or be a dbo owner of the database) and not the 'username' prefix.Resolution :
In the security properties of the user, enable the 'Database Creators' security option of the user and also enable 'db_Owner', 'db_DataReader', 'db_DataWriter' access options. This should enable the user to create our temporary reporting tables as a 'dbo' owner and not a 'username' owner.
2 comments:
Not a good idea...giving a user the db_owner permissions?
You've obviously never had your software run through a security audit!
We've seen users link to SQL server databases using Access (which is a piece of cake)...first they query data using access - next thing you know they're editing records directly within accessas they please - serious security risk!
Cheers,
Jimmy
Thanks for your comment Jimmy !
We've one client using the MS Acces linked with SQL (strangely stable !)
But seriously, only small groups of users per company use our software. They are required to undergo a training course before using the system and we don't expect malicious users logging into the systems. Every user's activity is logged on SQL so the bad apple can be identified if required.
I've always reasoned that the person desperate enough to change data within a database, won't let something like user access stand in their way ?
Post a Comment