May 23, 2011 at 9:17 am
Hi,
I have a number of servers that have multiple "reporting" users set up using a host of naming conventions:
App1_Reports, App2_Reports, Reports, ReportUser...
They all tend to have the same simple roles but I can never tell if they are still being used.
Going forward I would like to start establishing a few "generic" logins that I would standardize across all servers. For example, I would like to create 1 Login for reporting applications like SSRS, MS Access or Crystal. I would name it something like "ReportUser" and give it enough rights to simply run reports.
The upside is I have a reliable "known" account to use when developing reports, reduction of accounts established and maintained on SQL Server.
The downside is all logs and (error and otherwise) will be showing ReportUser as the user and not giving good identification of the item.
Do any of you have any suggestions for the use of system wide generic logins?
Thanks
May 23, 2011 at 9:31 am
Are these roles or users?
Roles exist to make the management of users easier. Users are there for security. Having a single generic login may compromise your security. If you have a generic login, then you cannot easily separate reports out by security if you need it.
Tracking which users are in use is a matter of having a mechanism to do do. You can audit logins, or run a trace or something else. Reducing the number of logins is not necessarily the solution if it doesn't fit your environment. The logins don't hurt anything on the server to be there, other than they are an point that you need to audit.
However if the logins are used for different reports/databases, then you can also audit if those reports are being run. If they are, then you know the login is being used.
May 23, 2011 at 9:39 am
Be careful about standardising your users in this way. Although it simplifies administration, it's a security risk since it means that giving someone (or something) access to one thing gives them access to everything. Also, if an account becomes locked out, all servers will come to a halt and not just one.
John
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply