ID Number: Q72361
1.10 1.11 4.20
OS/2
Summary:
Setting up SQL Server under user-level security requires the following
three steps:
1. Grant permissions on the LAN to use pipes.
2. Create login IDs for named users on the LAN.
3. Grant privileges to the database users.
More Information:
Granting Permissions on Named Pipes
-----------------------------------
When attempting to install SQL Server on top of user-level security,
there are several extra steps necessary to prepare the LAN software,
the most important of which is to grant permissions on named pipes.
In user-level security, IPC$ (interprocess communications) is shared
automatically. However, before you can use named pipes, permissions to
use them must be granted.
Grant permissions through the LAN Manager's NetAdmin screen. The
following are the steps necessary to grant everyone on the LAN
permission to use pipes. Permissions may be restricted at a later
time.
1. Start the NetAdmin screen by typing:
NET ADMIN
2. Choose Accounts from the main menu.
3. Choose Other Permissions.
4. Choose Named Pipes.
5. Choose Zoom.
6. Select the first *GROUP (that is, *ADMINS).
7. Choose Permitted access (Yes), or Permitted access: may change
permissions (Yes+P).
8. Choose Permit.
9. Choose Permit again until all *GROUPS are permitted (you may ignore
named USERS for the time being).
10. Choose OK and back out of NetAdmin.
This procedure is also documented on pages 237-239 of the "Microsoft
LAN Manager Administrator's Guide."
Please note that it is not necessary to start and stop the server for
these permissions to become effective.
The next step is to set up SQL Server. For more information on these
processes, see chapters 6 and 7 of the "Microsoft SQL Server System
Administrator's Guide."
Create Login IDs
----------------
Create login IDs only for those individuals who are also named users
on the LAN. This restriction is unique to user-level security. To add
new users, first make them users on the LAN. For more information on
creating LAN user accounts, see pages 93-97 of the "Microsoft LAN
Manager Administrator's Guide."
Create groups; in addition to any specialized groups, create a group
name called "guest". This is created as a group name, without a user
ID. It must be in lowercase letters. Users who log on to the SQL
Server as guest, will have the same privileges that have been granted
to public.
Grant Permissions
-----------------
No privileges exist for users other than system administrator (SA) and
database owner (DBO), until they have been granted. In addition,
granting permissions in SQL Server is database specific. In other
words, permissions in one database may differ considerably from those
in another. It is generally advisable to create a script that grants
and revokes privileges for each database.