[dba-VB] I'm getting nowhere

Michael R Mattys michael at mattysconsulting.com
Fri Feb 25 15:51:08 CST 2011

Hello John,

I am Michael's brother Eric.
I think you only have to uncheck the "Use Trusted Connection" box in MS
Access.  That checkbox is for Windows Security.
Your user is set up under SQL Security.

Best Regards,

Eric B. Mattys
Mattys Consulting, LLC
(585) 300-0181

-----Original Message-----
From: dba-vb-bounces at databaseadvisors.com
[mailto:dba-vb-bounces at databaseadvisors.com] On Behalf Of jwcolby
Sent: Saturday, February 19, 2011 2:54 PM
To: Sqlserver-Dba; VBA; Access Developers discussion and problem solving
Subject: [dba-VB] I'm getting nowhere

I am getting nowhere on understanding SQL Server security.  Microsoft
provides us with SQL Server Express which implies that joe blow (me) is
going to install / maintain it.

I am not a SQL Server Admin and I cannot afford to spend the time to be one.

Google is my friend.  BOL is not.

Except that Google is taking me to these places where I am expected to
already know how this stuff works, and then wants to make me a *better*
administrator.  Which of course is useless because I am not an administrator
at all.

OTOH I am not stupid.  If I could find something that started at the "This
is SQL Server security" 
basics I could learn this stuff.  Before anyone says "RTFM (BOL)" let me
simply say, "not happening".  I have tried BOL and it simply sucks for my
level of expertise (my opinion of course). 
  If that is your advice, simply stay out of this thread.  Thanks!

So... my needs:

I need to set up several SQL Server databases for use by different, very
small groups (5-20 people) of entirely unrelated people.  What I mean by
that is that each DB is for a different "company" if you will.  I need to
access these databases from C#.  I understand the group / user paradigm.  I
would like to create groups and users.  Specific groups can do specific
things in the database, some can see data but not modify it.  Some can add
records in specific tables but not others.  Some can run reports (view).

I do *NOT* want to create windows level groups and users if I can avoid it.
These are people that I do not necessarily know and I do not want to give
them any rights at the machine level, and I prefer to not maintain such
lists at the machine level.

Unfortunately SQL Server does not seem to model Groups / users.  I go into
SQL Server and see a security tab.  It has "logins".  Is that a user?  A
specific ability to log in with a password?  To what?  The server itself?  A
specific database?  Groups of databases?

I see "roles" but these appear to be aimed at the server and none of these
people are going to be doing anything at the server level.

Can I safely ignore everything under the server security tab?

I go to a database and I see a security tab.  It has users and roles.
Hmm... better (I would think).  I would like to add users "under" the
specific database that the user will access.

So I try to add a new user but I do not see anywhere to require a password.

I go into roles and I do not see any predefined role that looks like it
would be useful to me in meeting my needs described above.  If I look at
"add new role" it asks for a password.  The User / group model does nto
assign passwords at the group level which implies that a role is not a group
at the user / group paradigm.

Is it just me, or is SQL Server security just... different?  Am I correct in
assuming that it doesn't implement a user / group paradigm?

And more importantly, where can I go to get a plain, simple, English
description of how this mess works?

And please excuse the tone that results from my frustration.  The only help
documents that I have found (and I have extensive lists of bookmarked web
pages) so far assume that I am an administrator. 
  I am not, and cannot afford to become one.  And yet MS pushes SQL Express
as if I (non-admin) should be able to use this as a data store pool.


John W. Colby
dba-VB mailing list
dba-VB at databaseadvisors.com

More information about the dba-VB mailing list