Give auditor rights to select only within a single database

  • Hi,

    The following question might be really easy, but I cannot find any documentation on the subject, it might be too easy...

    All I know from security is that you can give sysadmin rights to the developers, and that is the only thing we do on our sql servers.

    What we want to do, is simply give select rights on a specific database, for a group of users (Auditors), who require to see the data in Excel.

    I would like to link this through the Windows Authentication, so they would not have to remember any passwords.

    Is there a link you can give me, or a simple solution to put me on track. I think you can give rights using GRANT, but should I create a user at the database level, or server level, do I have to link them? I'm really a beginner at security.

    Thanks,

    Cheers,

    J-F

  • Hi J-F,

    You are on the right track. There are some things you can do.

    1. Giving Developers Sysadmin rights to production DB could be very very harmful to your good night's sleep. 🙂

    2. For the Auditors, you can add each of these Windows users as Logins to the database. Add those logins to your DB where they need to do selects as a user with db_datareader role.

    3. Or you can create a group in Domain and do the same thing to the group.

    -Roy
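
The steps in the reply above, written out as T-SQL. This is an added example, not part of the original thread; the group name `CONTOSO\Auditors` and the database name `AuditedDb` are hypothetical placeholders.

```sql
-- Hypothetical names: CONTOSO\Auditors (domain group), AuditedDb (target database).

-- 1. Server level: a login mapped to the Windows group. No password is stored;
--    members authenticate with their Windows credentials.
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'CONTOSO\Auditors')
    CREATE LOGIN [CONTOSO\Auditors] FROM WINDOWS;
GO

-- 2. Database level: a user in the one database, mapped to that login.
USE AuditedDb;
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'CONTOSO\Auditors')
    CREATE USER [CONTOSO\Auditors] FOR LOGIN [CONTOSO\Auditors];
GO

-- 3. Read-only access: db_datareader allows SELECT on all user tables and views
--    in this database. (On SQL Server 2012 and later, ALTER ROLE ... ADD MEMBER
--    is the current syntax.)
EXEC sp_addrolemember N'db_datareader', N'CONTOSO\Auditors';
GO

-- 4. Check: database roles held by the group in this database.
SELECT m.name AS member_name, r.name AS role_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE m.name = N'CONTOSO\Auditors';

-- 5. Check: the login holds no fixed server role (this should return no rows).
SELECT sp.name AS login_name, sr.name AS server_role
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS sr ON sr.principal_id = srm.role_principal_id
JOIN sys.server_principals AS sp ON sp.principal_id = srm.member_principal_id
WHERE sp.name = N'CONTOSO\Auditors';
```

Because the login exists only at server level and the user exists only in the one database, group members can connect but cannot read data in other databases unless those databases grant access separately.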

  • Thanks Roy, this has helped a lot, I understood a bit more how the security works, like by Database. This all looked really complicated at first, but looks better now.

    Is there any good documentation I can read up on the subject, or can you propose a book?

    Thanks,

    Cheers,

    J-F

  • Best thing would be to search this site itself. There are lots of articles written by Brian Kelley, one of the best SQL Security guys you can find.

    -Roy

  • There is also quite a bit of information in Books Online, so read it as well. What doesn't make sense there, come here and ask questions. Plenty of people here that are willing to help you learn.

  • Thanks guys, I'll keep on looking on BOL, and try to make sense of it all.

    I'll also check for articles by Brian Kelley,

    Thanks again,

    Cheers,

    J-F

  • J-F Bergeron (5/22/2009)


    Thanks guys, I'll keep on looking on BOL, and try to make sense of it all.

    I'll also check for articles by Brian Kelley,

    Thanks again,

    He also has a blog on SSC. You may want to check that out as well.
