Post reply

Loginless User

  • August 5, 2010 at 9:53 am

    #387509

    hi,

    I m not getting the concept of Loginless User and use of this.

    kindly provide some information with example of this.

    I read a blog where mentioned that Loginless users are designed to replace application roles.

    how it works ...

    Regards,
    Shivrudra W

  • August 5, 2010 at 7:09 pm

    #1203203

    A user without a login can be used to grant access for other users to do things that they don't have permissions for. For example, if you use stored procedures for all data access then your normal users will not have any direct table permissions, but just EXECUTE permissions on the stored procedures. In this case if you have to use dynamic SQL in a procedure, ownership chaining does not work, so you need to either grant the necessary permissions for tables to the users, OR you can create a user without a login that has the necessary rights and use EXECUTE AS in the stored procedure definition.

    Jack Corbett
    Consultant - Straight Path Solutions
    Check out these links on how to get faster and more accurate answers:
    Forum Etiquette: How to post data/code on a forum to get the best help
    Need an Answer? Actually, No ... You Need a Question

  • September 9, 2010 at 1:10 pm

    #1218865

    Jack Corbett (8/5/2010)

    OR you can create a user without a login that has the necessary rights and use EXECUTE AS in the stored procedure definition.

    or you can (on 2005 and 2008) create a user from a certificate, grant permissions to the objects used in the dynamic SQL, and sign the procedure (ADD SIGNATURE) with this certificate. Then there is no need to use EXECUTE AS in the procedure.

  • September 10, 2010 at 5:36 am

    #1219095

    Nils Gustav Stråbø (9/9/2010)

    Jack Corbett (8/5/2010)

    OR you can create a user without a login that has the necessary rights and use EXECUTE AS in the stored procedure definition.

    or you can (on 2005 and 2008) create a user from a certificate, grant permissions to the objects used in the dynamic SQL, and sign the procedure (ADD SIGNATURE) with this certificate. Then there is no need to use EXECUTE AS in the procedure.

    Yup this works as well. It's a bit more complex.

    Jack Corbett
    Consultant - Straight Path Solutions
    Check out these links on how to get faster and more accurate answers:
    Forum Etiquette: How to post data/code on a forum to get the best help
    Need an Answer? Actually, No ... You Need a Question

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply