We help IT Professionals succeed at work.

Creating SQL Server Logins from application interface

176 Views
Last Modified: 2010-04-21
Hi Everyone,

We have a vb.net 2005 application with a SQL Server 2005 Backend
SQL Authentication is used to authenticate users.

We need to change the application to allow application administrator's to create users using the front end interface.

We have a store procedure that creates the logins, no problem there, the problem is that the account that the application uses needs to be on the  Server role 'securityadmin" otherwise, will not run.

There is a concern that the application account has elevated privileges on the server and can access other DBs.

Is there a way to create logins but restrict the user that the application uses to create the login to only one database?

Any idea is very welcome

Jorge
Comment
Watch Question

Commented:
Try to use EXECUTE AS clause in your stored procedure definition to execute the procedure in a context of SecurityAdmins member.

Commented:
Oh, and btw, having a login does not guarantee database access. You have to create a user in a database and grant some permissions to this user.

Author

Commented:
Hi brejk,

Thank you for your comment,
In that case I thing that the SP needs to have user name and password to do the impersonation...Im I right?
Then there will be a breach to other databases... that is what we would like to prevent.

Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Brejk ,Thank you very much for your solution.

Yes, that was the solution I was looking for, the key here is that the account that runs the SP does not have any other permmision than execute, so the passsword used for impersonation will not be exposed.

That gives you an A!

Thanks again

Jorge
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.