Friday, March 9, 2012

Permissions

We use an SQL backend ERP system on our Windows Small
Business Server 2k network.
The problem we have is this:
Certain parts of the ERP don't work when logged in as
Domain users, unless they have Domain Admin rights.
Here is the scenario
Pre-Requisites
---
Windows requires username and password
ERP system requires username and password
---
User A (Domain Administrator)
User B (Domain User)
1 - User A logs into PC1 (Windows2K/XP). He then then logs
into the ERP system. He can do everything he wishes as he
has full domain admin rights.
2 - After user A is finished with the ERP system he logs
out of the ERP system but leaves PC1 logged on. User B now
opens the ERP system and logs in with his username and
password. He can complete any task he attempts.
THe PC is now logged off.
3 - User B now logs into Windows2K/XP on PC1 with his
WIndows username and password and then logs into the ERP
system. He can access all parts of the ERP as before but
some screens fail to open/initilaize.
He now logs off of the ERP in order that User A can log on
but leaves Windows logged on.
User A logs onto the ERP system and attempts to complete
certain tasks. He can't seem to comlete them now either
(Same taks).
PC logged off
4 - Give User B admin rights and he can now achieve part 1
of this scenario. Obviously it isn't appropriate to give
every user on our network full Admin rights but does
anyone know what could be happening here and where best to
look for solutions? I.e Windows or SQL.It appears that
1. The ERP may be using trusted connections. That would explain why things
can or can not be done based on who logged into the OS.
2. Also there may be some issues related to connection pooling... When User
B logs into the OS and the ERP, then logs out of the ERP, the ERP continues
to behave as if userB was logged in... Either the ERP is somehow keeping a
connection open or perhaps the connection is not being re-initilized each
time it is returned to the connection pool... Check the connection pool
settings ( as per he ERP system documentation) and see if that helps...
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"Robert" <anonymous@.discussions.microsoft.com> wrote in message
news:22d0901c45db5$032581f0$a501280a@.phx
.gbl...
> We use an SQL backend ERP system on our Windows Small
> Business Server 2k network.
> The problem we have is this:
> Certain parts of the ERP don't work when logged in as
> Domain users, unless they have Domain Admin rights.
> Here is the scenario
> Pre-Requisites
> ---
> Windows requires username and password
> ERP system requires username and password
> ---
> User A (Domain Administrator)
> User B (Domain User)
> 1 - User A logs into PC1 (Windows2K/XP). He then then logs
> into the ERP system. He can do everything he wishes as he
> has full domain admin rights.
> 2 - After user A is finished with the ERP system he logs
> out of the ERP system but leaves PC1 logged on. User B now
> opens the ERP system and logs in with his username and
> password. He can complete any task he attempts.
> THe PC is now logged off.
> 3 - User B now logs into Windows2K/XP on PC1 with his
> WIndows username and password and then logs into the ERP
> system. He can access all parts of the ERP as before but
> some screens fail to open/initilaize.
> He now logs off of the ERP in order that User A can log on
> but leaves Windows logged on.
> User A logs onto the ERP system and attempts to complete
> certain tasks. He can't seem to comlete them now either
> (Same taks).
> PC logged off
> 4 - Give User B admin rights and he can now achieve part 1
> of this scenario. Obviously it isn't appropriate to give
> every user on our network full Admin rights but does
> anyone know what could be happening here and where best to
> look for solutions? I.e Windows or SQL.|||One last thing i forgot to mention was that we had to
change a network card and driver on the server and before
this the parts of the ERP which do not function proplery
now worked prior to the new card/driver being installed.
Any advice/assistance in this matter greatly appreciated

>--Original Message--
>It appears that
>1. The ERP may be using trusted connections. That would
explain why things
>can or can not be done based on who logged into the OS.
>2. Also there may be some issues related to connection
pooling... When User
>B logs into the OS and the ERP, then logs out of the ERP,
the ERP continues
>to behave as if userB was logged in... Either the ERP is
somehow keeping a
>connection open or perhaps the connection is not being re-
initilized each
>time it is returned to the connection pool... Check the
connection pool
>settings ( as per he ERP system documentation) and see if
that helps...
>--
>Wayne Snyder, MCDBA, SQL Server MVP
>Mariner, Charlotte, NC
>www.mariner-usa.com
>(Please respond only to the newsgroups.)
>I support the Professional Association of SQL Server
(PASS) and it's
>community of SQL Server professionals.
>www.sqlpass.org
>"Robert" <anonymous@.discussions.microsoft.com> wrote in
message
> news:22d0901c45db5$032581f0$a501280a@.phx
.gbl...
--[vbcol=seagreen]
--[vbcol=seagreen]
logs[vbcol=seagreen]
he[vbcol=seagreen]
now[vbcol=seagreen]
on[vbcol=seagreen]
part 1[vbcol=seagreen]
to[vbcol=seagreen]
>
>.
>

No comments:

Post a Comment