tags:

views:

49

answers:

3
Q: 

Connect to SQL Server to run T-SQL use other's domain account.

Hi all

In our database we have an SQL server account that has the correct roles to access some of the databases. All of our PC and Servers are in domain using Windows Account. Now there is ASP.NET web application, we want the users in the domain to browser some data in the sql server. But we do not want to grant direct permission to every person, so is it possible to connect to sql server and run some T-SQL without granting permission to users using one specify account?

Best Regards,

A: 

Create views (or stored procedures) and lock them down to a custom role. Place those users you want to have access in a domain group, and place that group in the custom role.

Overview of SQL Server security model and security best practices

Mitch Wheat  2010-03-01 05:42:27
But sometimes,the users need update some records in the sql.
Yongwei Xing  2010-03-01 05:43:55
what sql? what do you mean?
Mitch Wheat  2010-03-01 05:45:40
Sorry for being unclear.The view is only for view, sometimes, the users also need update or delete the record in sql server.
Yongwei Xing  2010-03-01 05:48:24
views can be updatable (depending on what they contain in their definition)
Mitch Wheat  2010-03-01 05:49:20
A: 

well, if the asp.net is inside the domain on the intranet, then you can create a GROUP in AD, and tie that to an account with the appropriate permissions in SQL Server. Then, turn off anonymous access on the ASP.NEt application, and have it go to town.

Stephen Wrighton  2010-03-01 05:43:05
Does it mean that I can not use a specify account to instead of users' account to connect to the sql server?
Yongwei Xing  2010-03-01 05:51:20
Stephen Wrighton  2010-03-01 14:01:55
A: 

You can look at Security Account Delegation (aka passthrough authentication) to enable the NT logon token to be passed to SQL

Google search... there is a lot of good stuff, probably better than one specific link

gbn  2010-03-01 07:47:11

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?