CC85
asked on
SQL Windows authentication for same name accounts
I have a program written in VB.NET that accesses data in a SQL 2000 database. It uses an ODBC System DSN data source to connect, configured on Windows authentication. For each user that needs access, I have added domain\user to the Logins in SQL Enterprise Manager and given the user public access to the relevant database. Everything works as intended.
Where there is an issue is that some users have a SQL login that matches their domain login for the same database. When I attempt to grant access to the database, it indicates the user already exists. For example, domain\jsmith has a SQL account jsmith. I can create domain\jsmith in EM, but I cannot grant them database access as it says user jsmith already exists.
In attempt to remedy the issue, I changed the ODBC System DSN to SQL authentication, specifying a valid SQL login and password. When I attempt to run the program it gives: "ERROR [28000] [Microsoft ODBC SQL Server Driver] [SQL Server] Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection." (For testing, I tried the 'sa' account, and even this doesn't work.)
-Scott
Where there is an issue is that some users have a SQL login that matches their domain login for the same database. When I attempt to grant access to the database, it indicates the user already exists. For example, domain\jsmith has a SQL account jsmith. I can create domain\jsmith in EM, but I cannot grant them database access as it says user jsmith already exists.
In attempt to remedy the issue, I changed the ODBC System DSN to SQL authentication, specifying a valid SQL login and password. When I attempt to run the program it gives: "ERROR [28000] [Microsoft ODBC SQL Server Driver] [SQL Server] Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection." (For testing, I tried the 'sa' account, and even this doesn't work.)
-Scott
ASKER
In the database properties permissions tab under user/role, the only users I see are those that already have access to this particular database.
I'm able to create a login for domain\jsmith but when I go to the Database Access tab of the Login Properties box I cannot give them database access. It gives: Error 21002: [SQL-DMO]User 'jsmith' already exists. (I am unable to delete the SQL login for "jsmith" because another software program requires SQL logins for all users.)
I'm able to create a login for domain\jsmith but when I go to the Database Access tab of the Login Properties box I cannot give them database access. It gives: Error 21002: [SQL-DMO]User 'jsmith' already exists. (I am unable to delete the SQL login for "jsmith" because another software program requires SQL logins for all users.)
You give them permissions through the database as I described.
If you don't see them, then add them by clicking the Add or Search button.
Then click Browse.
There, you see a bunch of users, including the ones you are looking for.
Select it, then look for the appropriate permission as I described like SELEcT
If you don't see them, then add them by clicking the Add or Search button.
Then click Browse.
There, you see a bunch of users, including the ones you are looking for.
Select it, then look for the appropriate permission as I described like SELEcT
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
the error you're geting is because the user allready exists on the databse login table ... let me know if my solution works ..
ASKER
I'm not seeing what you're describing. In Enterprise Manager, Console Root>MSSQL Servers>SQL Server Group>Server>Databases>MyD
ASKER
coolfiger - Correct, the user exists as a SQL account using SQL authentication and as domain\user using Windows authentication (two accounts "jsmith" (SQL) and "domain\jsmith" (Windows)). "Jsmith" with SQL authenticiation is required for another software program, so deleting "jsmith" and leaving only "domain\jsmith" is not an option.
ASKER
Created a new security group in Active Directory and added the users. Added domain\ODBC group to SQL logins, granted database access. Access achieved without adding every user\domain and conflicting with existing accounts.
glad to have helped !
Then try giving the user READ access by going to your db and right-click on it.
Select Properties
click on Permissions
Select the name you wish to give permission to and check the appropriate box, in your case SELECT box and I think that should take care of it.