[dba-VB] I'm getting nowhere

Robert Stewart raibeart at gmail.com
Tue Mar 8 11:44:25 CST 2011


John,

Logins:  If you are in mixed mode, which for your application you 
should be, every "group" will have it's own login with a password.

User:  References a login.  A user is given rights to a database and 
specific objects in a database.

Roles:  Generally, you can assign DataReader and DataWriter roles to 
a User in a database to give them CRUD rights to tables.  You will 
need to GRANT EXECUTE rights to stored procedures.

Does that help?

Robert

At 09:22 AM 3/7/2011, you wrote:
>From: dba-vb-bounces at databaseadvisors.com
>[mailto:dba-vb-bounces at databaseadvisors.com] On Behalf Of jwcolby
>Sent: Saturday, February 19, 2011 2:54 PM
>To: Sqlserver-Dba; VBA; Access Developers discussion and problem solving
>Subject: [dba-VB] I'm getting nowhere
>
>I am getting nowhere on understanding SQL Server security.  Microsoft
>provides us with SQL Server Express which implies that joe blow (me) is
>going to install / maintain it.
>
>I am not a SQL Server Admin and I cannot afford to spend the time to be one.
>
>Google is my friend.  BOL is not.
>
>Except that Google is taking me to these places where I am expected to
>already know how this stuff works, and then wants to make me a *better*
>administrator.  Which of course is useless because I am not an administrator
>at all.
>
>OTOH I am not stupid.  If I could find something that started at the "This
>is SQL Server security"
>basics I could learn this stuff.  Before anyone says "RTFM (BOL)" let me
>simply say, "not happening".  I have tried BOL and it simply sucks for my
>level of expertise (my opinion of course).
>   If that is your advice, simply stay out of this thread.  Thanks!
>
>So... my needs:
>
>I need to set up several SQL Server databases for use by different, very
>small groups (5-20 people) of entirely unrelated people.  What I mean by
>that is that each DB is for a different "company" if you will.  I need to
>access these databases from C#.  I understand the group / user paradigm.  I
>would like to create groups and users.  Specific groups can do specific
>things in the database, some can see data but not modify it.  Some can add
>records in specific tables but not others.  Some can run reports (view).
>
>I do *NOT* want to create windows level groups and users if I can avoid it.
>These are people that I do not necessarily know and I do not want to give
>them any rights at the machine level, and I prefer to not maintain such
>lists at the machine level.
>
>Unfortunately SQL Server does not seem to model Groups / users.  I go into
>SQL Server and see a security tab.  It has "logins".  Is that a user?  A
>specific ability to log in with a password?  To what?  The server itself?  A
>specific database?  Groups of databases?
>
>I see "roles" but these appear to be aimed at the server and none of these
>people are going to be doing anything at the server level.
>
>Can I safely ignore everything under the server security tab?
>
>I go to a database and I see a security tab.  It has users and roles.
>Hmm... better (I would think).  I would like to add users "under" the
>specific database that the user will access.
>
>So I try to add a new user but I do not see anywhere to require a password.
>Hmmm...
>
>I go into roles and I do not see any predefined role that looks like it
>would be useful to me in meeting my needs described above.  If I look at
>"add new role" it asks for a password.  The User / group model does nto
>assign passwords at the group level which implies that a role is not a group
>at the user / group paradigm.
>
>Is it just me, or is SQL Server security just... different?  Am I correct in
>assuming that it doesn't implement a user / group paradigm?
>
>And more importantly, where can I go to get a plain, simple, English
>description of how this mess works?
>
>And please excuse the tone that results from my frustration.  The only help
>documents that I have found (and I have extensive lists of bookmarked web
>pages) so far assume that I am an administrator.
>   I am not, and cannot afford to become one.  And yet MS pushes SQL Express
>as if I (non-admin) should be able to use this as a data store pool.
>
>Help!
>
>--
>John W. Colby
>www.ColbyConsulting.com
>_______________________________________________



More information about the dba-VB mailing list