Solved

Windows login that is trusted on SQL Server 2005

Posted on 2014-11-19
2
96 Views
Last Modified: 2014-11-26
I guess this is a two part issue but would like to know how to do this in one step. When I create a user on the windows server it creates the user and mailbox on the exchange server but would like for it to also create a user on the SQL server that has trusted rights to run crystal reports we have created. Currently I have to create a new user on the SQL server which has public role assigned to the user but want them to also be trusted so they can run the reports. Right now they have to use the SA login to run the reports and I don't like that. I have read I need to give the sysadmin role to that user but that is like letting them use the SA login. How can I do this in one step and what role on the sql server can I give them that allows them to be trusted but not make modifications on the database?
0
Comment
Question by:tparus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 51

Expert Comment

by:Vitor Montalvão
ID: 40452718
Create an AD group and give that group permissions on SQL Server instead of a single user. Then, new users will be added directly to the AD group and will have automatically access to SQL Server.
0
 
LVL 70

Accepted Solution

by:
Qlemo earned 500 total points
ID: 40452728
This is indeed two-fold:
a) How to best manage trusted new users in MSSQL
b) How to set up the privs correctly

a) assign those folks to a user group in AD, and make an assignment for that AD group in MSSQL
b) usually you need nothing else than the datareader and datawriter roles (or datareader for read-only access)
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question