Helo,
I've got an application wich uses application roles... The problem is that
some of this users must add and remove users from the SQL Server. Since the
application role overrides the user settings I need to find a way for the
user to abandon the application role in order to gran or deny database
access, as well as adding or removing user logins from the SQL Server.
I have not found a way to abandon the application role in order to execute
this commands... or a way wich I could execute this commands without leaving
the application role.
Any one has a solution for this "problem"?
Thank you in advance.Juan
Just a guess
Perhaps you need to create a second app role with an appropriate permissions
and within the appliaction to check out to which of app role to set up.
"Juan" <ssccrriipptteerr@.tteerrrraa.eess> wrote in message
news:erFNliNwEHA.1976@.TK2MSFTNGP09.phx.gbl...
> Helo,
> I've got an application wich uses application roles... The problem is that
> some of this users must add and remove users from the SQL Server. Since
the
> application role overrides the user settings I need to find a way for the
> user to abandon the application role in order to gran or deny database
> access, as well as adding or removing user logins from the SQL Server.
> I have not found a way to abandon the application role in order to execute
> this commands... or a way wich I could execute this commands without
leaving
> the application role.
> Any one has a solution for this "problem"?
> Thank you in advance.
>|||I've been thinking about this a couple of days while reimplementing the
application...
If I use an application role I loose all the user privileges, therefore I'm
not part of the securityadministrators, therefore I can't add logins to my
server, neither I can grant database access. I need this for some of my
users (Finally I made this users a user role, and left all others as
Application roles).
As well, you can't grant the application Role security admin privileges,
since its not a session login on the server, and it's specific to a
database...
I guess I'll have to use my changes in the application (Application roles
for everyone except those who need the ability to add users)...
"Uri Dimant" <urid@.iscar.co.il> escribi en el mensaje
news:#lmA68YwEHA.1524@.TK2MSFTNGP09.phx.gbl...
> Juan
> Just a guess
> Perhaps you need to create a second app role with an appropriate
permissions
> and within the appliaction to check out to which of app role to set up.
>
>
> "Juan" <ssccrriipptteerr@.tteerrrraa.eess> wrote in message
> news:erFNliNwEHA.1976@.TK2MSFTNGP09.phx.gbl...
that[vbcol=seagreen]
> the
the[vbcol=seagreen]
execute[vbcol=seagreen]
> leaving
>|||Hi Juan,
Since the application role is only actived via application, you may still
let your users using the application role when they are using the
application, but make separate SQL connections using their own SQL login
accounts to add users/grant DB access.
Thanks,
Lan Lewis-Bevan
MS SQL support
This posting is provided "AS IS" with no warranties, and confers no rights.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment