June 13, 2012 at 11:17 am
Can someone explain me how to tackle this scenario:
We have a scenario, where Test users can get RWX access onto applications, but the same Test users should get only Read access onto database. We have created a single functional ID for Test users on database where they have only Read access. But my organization requirement is to have these test users with R,W,X, on applications. Does anyone have any idea how to deal with this issue.
June 13, 2012 at 11:30 am
DBA_SQL (6/13/2012)
Can someone explain me how to tackle this scenario:We have a scenario, where Test users can get RWX access onto applications, but the same Test users should get only Read access onto database. We have created a single functional ID for Test users on database where they have only Read access. But my organization requirement is to have these test users with R,W,X, on applications. Does anyone have any idea how to deal with this issue.
Just to clarify, when users connect directly to the database, they should have only read permissions, but when they connect using the same credentials through the application, they should have expanded access?
June 13, 2012 at 11:44 am
Yes...you are right...
June 13, 2012 at 4:20 pm
Usually, the application takes care of it's own security and then connects to the database with a service account that has the necesary access.
June 13, 2012 at 4:57 pm
The application where the users are trying to connect has the same credentials where they connect to the database. we want some trigger/ proc where when users connect to database..it should not allow them to do R,W,X..but when they work through application..they can do R,W,X.
June 13, 2012 at 9:09 pm
This is a tricky thing to accomplish.
First issue is that the application name passed from the client can be easily changed, so you can't positively identify what application is really connecting.
The only real option is to use an application role.
an application role is a security principal inside a database that is password protected.
you embed the password into your application. When your application connects, the first thing it should do is use the password to switch to the application role's elevated permissions.
That's about the only way to do it.
June 14, 2012 at 7:17 am
This URL is helping me little bit..
June 15, 2012 at 8:15 am
Does anyone know how to set a user an application role? I am still in process of assigning a single user with different level of access, as one if he logons through SSMS they should have only "Read" access and if the same user logon through an application they should have " R,W,X" access.
June 15, 2012 at 2:13 pm
DBA_SQL (6/15/2012)
Does anyone know how to set a user an application role? I am still in process of assigning a single user with different level of access, as one if he logons through SSMS they should have only "Read" access and if the same user logon through an application they should have " R,W,X" access.
Is this user a developer?
Regards,
TA.
Regards,
SQLisAwe5oMe.
June 15, 2012 at 2:37 pm
SQLCrazyCertified (6/15/2012)
DBA_SQL (6/15/2012)
Does anyone know how to set a user an application role? I am still in process of assigning a single user with different level of access, as one if he logons through SSMS they should have only "Read" access and if the same user logon through an application they should have " R,W,X" access.Is this user a developer?
Regards,
TA.
Try this link.
http://msdn.microsoft.com/en-us/library/ms190998.aspx
Regards,
TA
Regards,
SQLisAwe5oMe.
Viewing 10 posts - 1 through 9 (of 9 total)
You must be logged in to reply to this topic. Login to reply