Tuesday, March 27, 2012

addning roles to a user

being used to how Oracle works with users and roles I am confused as to how
I
can create an application role and then give it to a user such as dbo. Can
anyone point me in the right direction?
Thanks,
SteveAn application role is built at the database level., Not server level. is
built in the same way as a database user. Doesn't need to be attached to a
login account. This kind of role only have access to that database. Is
commonly used to allow programmers to add it to applications when they don't
want the authentication of the user.
"Steven.Dahlin" wrote:

> being used to how Oracle works with users and roles I am confused as to ho
w I
> can create an application role and then give it to a user such as dbo. Ca
n
> anyone point me in the right direction?
> Thanks,
> Steve|||Let me explain what I need. The app will have some people who can be admins
for the application. I wanted to test for the role to see if they were an
"admin". Those who had the role could access the admin functions, those who
did not would find the admin menu option greyed out. How could I accomplish
this?
Thanks,
Steve|||Database roles define the security at the database level. Perhaps you can
match those application admin functions with database permissions and do
something like this:
Create your database roles
Give permissions to the roles
Add users to your roles
In your application use is_member to validate role membership and decide if
the admin functions will be enabled or disabled
Hope this helps,
Ben Nevarez, MCDBA, OCP
"Steven.Dahlin" <StevenDahlin@.discussions.microsoft.com> wrote in message
news:688B48A7-BC6F-47FF-AA66-3184D432C21D@.microsoft.com...
> Let me explain what I need. The app will have some people who can be
> admins
> for the application. I wanted to test for the role to see if they were an
> "admin". Those who had the role could access the admin functions, those
> who
> did not would find the admin menu option greyed out. How could I
> accomplish
> this?
> Thanks,
> Steve|||I created a "standard" role called "TestRole". Then I went to the list of
users and selected "dbo". I tried adding "TestRole" but I received a messag
e
"Error 15405: Cannot use the reserved user or role name 'dbo'". I have
looked thru various sources to try to understand this but nothing really
straightforward explains what the problem is.
Steve|||Hi Steve
I didn't realize your other post was part of this bigger thread.
But my response still holds. The point of an app role is to give someone
temporarily more privileges than they usually have, and since the user dbo
has full privileges in a db, it is not a good one to test with.
Please look again at Ben's suggestions and if you don't have any other users
than dbo, you'll have to create a user with NO privileges, then set the app
role, then check to see that users enhanced permissions.
HTH
Kalen Delaney, SQL Server MVP
www.solidqualitylearning.com
"Steven.Dahlin" <StevenDahlin@.discussions.microsoft.com> wrote in message
news:8B5B3ADA-F6AF-44FA-9DAC-940C5930A682@.microsoft.com...
>I created a "standard" role called "TestRole". Then I went to the list of
> users and selected "dbo". I tried adding "TestRole" but I received a
> message
> "Error 15405: Cannot use the reserved user or role name 'dbo'". I have
> looked thru various sources to try to understand this but nothing really
> straightforward explains what the problem is.
> Steve
>

No comments:

Post a Comment