September 9, 2009 at 5:38 am
Hi All,
We're having a problem with an upgrade from SQL Server 200 to 2005 that hopefully someone can offer some advice with?
Our 3rd party software connects to the database via ODBC connections using windows authentication. The software then invokes an application role and all subeqeuent queries are permissioned based on the application role.
However, we are finding that in the upgraded database (on a newly build windows server), the application cannot establish the connection to the database in the first instance to invoke the application role.
All the users of the application are grouped into one windows domain group. If we add this group to the admin group on the Server hosting the database, then the application can connect to the DB, invoke the application role and everything is fine. This appraoch won't wash in the long term as the users should really have no access to the windows server at all but despite numerous efforts we can't find a way around this.
We don't really understand why the work around of adding the user group to admin on the server works at all so any suggestions or explanations of the feature of SQL Server that I have not understood would be gratefully received.
Thanks,
Matt
September 9, 2009 at 7:32 am
mattaustin (9/9/2009)
Hi All,We're having a problem with an upgrade from SQL Server 200 to 2005 that hopefully someone can offer some advice with?
Our 3rd party software connects to the database via ODBC connections using windows authentication. The software then invokes an application role and all subeqeuent queries are permissioned based on the application role.
However, we are finding that in the upgraded database (on a newly build windows server), the application cannot establish the connection to the database in the first instance to invoke the application role.
All the users of the application are grouped into one windows domain group. If we add this group to the admin group on the Server hosting the database, then the application can connect to the DB, invoke the application role and everything is fine. This appraoch won't wash in the long term as the users should really have no access to the windows server at all but despite numerous efforts we can't find a way around this.
We don't really understand why the work around of adding the user group to admin on the server works at all so any suggestions or explanations of the feature of SQL Server that I have not understood would be gratefully received.
Thanks,
Matt
just out of curiosity is the builtin/administrators login on your sql server, or is the local admin domain group a member of sysadmin.
I would personally check to see what logins are part of the sysadmin group. and look at logins have elevated priviledges on your server.
what rights does the windows login have, you might need to elevate the rights that it has so it can do what it needs to do, this should stop you having to put it in the local server admin group.
--------------------------------------------------------------------------------------
[highlight]Recommended Articles on How to help us help you and[/highlight]
[highlight]solve commonly asked questions[/highlight]
Forum Etiquette: How to post data/code on a forum to get the best help by Jeff Moden[/url]
Managing Transaction Logs by Gail Shaw[/url]
How to post Performance problems by Gail Shaw[/url]
Help, my database is corrupt. Now what? by Gail Shaw[/url]
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply