I have an ASP website that uses SQL Server 2000 as its back end. It is
running successfully on SBS 2003--all on one machine. I am moving over to a
new domain which has the web site on one server and SQL Server 2000 on
another. I have progressed to the point where the web site comes up, but I
get error messages regarding permissions to SELECT, INSERT, etc. I can make
it work by setting the permission levels for each table, but I didn't need
to do that for the SBS setup. As far as I can tell, everything else is
configured the same way. I realize that I'm not giving you much information
at this point, but I'm hoping that this rings a bell of some sort and that
there is something I can do without having to set the permissions for each
table. Any ideas?Hi
In the SBS world, the user that was connecting to the DB was probably SA or
had dbo role, so no object level permissions would be required.
Now, you need them as probably you have different permission set. The old
way would not have been very secure at all, as a hacker could have free
reign of your DB.
Are you using SQL Security, and what roles does the login have?
Regards
--
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland
IM: mike@.epprecht.net
MVP Program: http://www.microsoft.com/mvp
Blog: http://www.msmvps.com/epprecht/
"WC Justice" <wcjhome@.cox-internet.com> wrote in message
news:I8Koe.8490$I_1.2047@.okepread02...
>I have an ASP website that uses SQL Server 2000 as its back end. It is
> running successfully on SBS 2003--all on one machine. I am moving over to
> a
> new domain which has the web site on one server and SQL Server 2000 on
> another. I have progressed to the point where the web site comes up, but
> I
> get error messages regarding permissions to SELECT, INSERT, etc. I can
> make
> it work by setting the permission levels for each table, but I didn't need
> to do that for the SBS setup. As far as I can tell, everything else is
> configured the same way. I realize that I'm not giving you much
> information
> at this point, but I'm hoping that this rings a bell of some sort and that
> there is something I can do without having to set the permissions for each
> table. Any ideas?
>|||I was using IUSR, with read permission only, and was using the following
connection string:
DSN=RLDP_SQL; UID=IUSR_WCJE05S;PWD=<>;DATABASE=RLDP_SQL;APP=ASPScript;
TRUSTED_CONNECTION=YES
I have made the necessary changes to the connection string to allow for the
new DSN and ServerName, and it works, except for the permissions issue. If
I have to set the permission levels by table, that's not a problem. I just
wanted to make sure that I wasn't missing anything obvious.
"Mike Epprecht (SQL MVP)" <mike@.epprecht.net> wrote in message
news:%23fHHIZhaFHA.3712@.TK2MSFTNGP09.phx.gbl...
> Hi
> In the SBS world, the user that was connecting to the DB was probably SA
or
> had dbo role, so no object level permissions would be required.
> Now, you need them as probably you have different permission set. The old
> way would not have been very secure at all, as a hacker could have free
> reign of your DB.
> Are you using SQL Security, and what roles does the login have?
> Regards
> --
> Mike Epprecht, Microsoft SQL Server MVP
> Zurich, Switzerland
> IM: mike@.epprecht.net
> MVP Program: http://www.microsoft.com/mvp
> Blog: http://www.msmvps.com/epprecht/
> "WC Justice" <wcjhome@.cox-internet.com> wrote in message
> news:I8Koe.8490$I_1.2047@.okepread02...
to[vbcol=seagreen]
but[vbcol=seagreen]
need[vbcol=seagreen]
that[vbcol=seagreen]
each[vbcol=seagreen]
>|||I was using IUSR, with read permission only, and was using the following
connection string:
DSN=RLDP_SQL; UID=IUSR_WCJE05S;PWD=<>;DATABASE=RLDP_SQL;APP=ASPScript;
TRUSTED_CONNECTION=YES
I have made the necessary changes to the connection string to allow for the
new DSN and ServerName, and it works, except for the permissions issue. If
I have to set the permission levels by table, that's not a problem. I just
wanted to make sure that I wasn't missing anything obvious.
Follow-Up: I found that if I make the IUSR a dbo, then it works great. Is
this a mistake from a security standpoint?
"Mike Epprecht (SQL MVP)" <mike@.epprecht.net> wrote in message
news:%23fHHIZhaFHA.3712@.TK2MSFTNGP09.phx.gbl...
> Hi
> In the SBS world, the user that was connecting to the DB was probably SA
> or had dbo role, so no object level permissions would be required.
> Now, you need them as probably you have different permission set. The old
> way would not have been very secure at all, as a hacker could have free
> reign of your DB.
> Are you using SQL Security, and what roles does the login have?
> Regards
> --
> Mike Epprecht, Microsoft SQL Server MVP
> Zurich, Switzerland
> IM: mike@.epprecht.net
> MVP Program: http://www.microsoft.com/mvp
> Blog: http://www.msmvps.com/epprecht/
> "WC Justice" <wcjhome@.cox-internet.com> wrote in message
> news:I8Koe.8490$I_1.2047@.okepread02...
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment