February 15, 2007 at 5:34 am
Hi
I have a question with regards to SQL security which I am totally confused on, if you have a SQL server service, let’s say Reporting or the new integration services.
On the server side, if there is a connection section in any of these built in applications e.g. Reporting, Integration services etc, and you select windows authentication, does it use the login you are currently logged on with on the server, or does it use the service start-up account?
Also the Network service account, what is this and how can it be managed?
I look forward to your reply.
February 15, 2007 at 7:12 am
The service accounts are for those programs to log themselves into Windows and start. If a client is connecting, they will use the account they logged onto the domain with.
The Network Service account is a new account that you can use for services. It is like Local System, but it also has network rights, the same rights as the server's computer account.
February 15, 2007 at 11:35 am
John,
I agree it could be confusing. The answer: "It Depends" . You have to read BOL for each particular service. For example that you use, Reporting Services, read this in BOL (SQL Server Books Online), this is installed with SQL Server:
Accounts in a Reporting Services Deployment
This is like a one page and it contains a picture which accounts are used where, including web and ASP.NET accounts.
Also:
http://msdn2.microsoft.com/en-us/library/ms159846.aspx
Connections and Accounts in a Reporting Services Deployment
http://msdn2.microsoft.com/en-us/library/ms187096.aspx
Understanding Execution Context
But is does not end here. There are concepts of credentials, proxies, context switching etc. It gets tricky with job executions and DTS (Integration Services) packages executions. I sometimes have to do something and have to run Profiler to see what account is actually connecting to the database and use Event Viewer to see what account is actually connecting to the server.
Regards,Yelena Varsha
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply