Data environments and SQL application roles?

[john]

Does anyone know how to use DE with SQL2000 application roles security?


John

[Taiwo]

SQL Server roles provide a way to manage authorization to SQL Server
objects. You set the authorization within SQL Server. You don't need to do
anything special in DE other than the way you build the connection string if
the accounts within the SQL Server roles are domain accounts or SQL Server
accounts.

If you're using SQL Server accounts in your SQL Server roles, you need to
specify the user id and password in the connection string.

If you're using domain accounts in your SQL Server roles, you don't need to
include the user id and password, but you need to set "Integrated
Security=SSPI" in your connection string.

Obviously, you can build both types of connection strings by using the "Data
Links Property" dialog.

On Windows 2000, for SQL Server roles that contain domain accounts (active
directory), if the logged on user will be going through more than one
machine (assuming you have middle tier servers) to reach SQL Server, you
must use Kerberos and, from your domain controller, you need to enable
"Trusted for Delegation" for the machines along the hop.

If you're using domain accounts in your SQL Server roles, you're using
Windows NT, and there's one or more machines between the user's computer and
the SQL Server box, you need to impersonate the user in the middle tier
boxes with a domain account that belongs in the appropriate SQL Server
roles. If you're using NT, I suggest you use SQL Server accounts within your
SQL Server roles, or if you prefer to use domain accounts, you should create
MTS roles, and run your MTS components under the identity of a domain
account that belongs to the appropriate SQL Server roles.

You may want to take a look at the book "Designing Secure Web-Based
Applications for Microsoft(r) Windows(r) 2000" at
http://www.amazon.com/exec/obidos/AS...1/sr=2-2/103-7
001481-2408657.

- Taiwo

"john" <jxl@virgin.net> wrote in message news:3b798f11@news.devx.com...
>
> Does anyone know how to use DE with SQL2000 application roles security?
>
>
> John
>

[john]

Hi,
thanks for the reply,
It's the connection string I'm having problems with, if I create a manual
connection I can connect and execute the stored procedure to activate the
aplication role then everything works fine, however in DE i cannot see a
way of activating the app role. any suggestions?


John

"Taiwo" <taiwo_a@hotmail.com> wrote:
>
>SQL Server roles provide a way to manage authorization to SQL Server
>objects. You set the authorization within SQL Server. You don't need to
do
>anything special in DE other than the way you build the connection string
if
>the accounts within the SQL Server roles are domain accounts or SQL Server
>accounts.
>
>If you're using SQL Server accounts in your SQL Server roles, you need to
>specify the user id and password in the connection string.
>
>If you're using domain accounts in your SQL Server roles, you don't need
to
>include the user id and password, but you need to set "Integrated
>Security=SSPI" in your connection string.
>
>Obviously, you can build both types of connection strings by using the "Data
>Links Property" dialog.
>
>On Windows 2000, for SQL Server roles that contain domain accounts (active
>directory), if the logged on user will be going through more than one
>machine (assuming you have middle tier servers) to reach SQL Server, you
>must use Kerberos and, from your domain controller, you need to enable
>"Trusted for Delegation" for the machines along the hop.
>
>If you're using domain accounts in your SQL Server roles, you're using
>Windows NT, and there's one or more machines between the user's computer
and
>the SQL Server box, you need to impersonate the user in the middle tier
>boxes with a domain account that belongs in the appropriate SQL Server
>roles. If you're using NT, I suggest you use SQL Server accounts within
your
>SQL Server roles, or if you prefer to use domain accounts, you should create
>MTS roles, and run your MTS components under the identity of a domain
>account that belongs to the appropriate SQL Server roles.
>
>You may want to take a look at the book "Designing Secure Web-Based
>Applications for Microsoft(r) Windows(r) 2000" at
>http://www.amazon.com/exec/obidos/AS...1/sr=2-2/103-7
>001481-2408657.
>
>- Taiwo
>
>"john" <jxl@virgin.net> wrote in message news:3b798f11@news.devx.com...
>>
>> Does anyone know how to use DE with SQL2000 application roles security?
>>
>>
>> John
>>
>
>