INF: SQL Server and User Level Security

 Last reviewed: April 25, 1997
Article ID: Q72361

The information in this article applies to: 

  - Microsoft SQL Server version 4.2 for OS/2

SUMMARY

Setting up SQL Server under user-level security requires the following three steps:

  1. Grant permissions on the LAN to use pipes.

  2. Create login IDs for named users on the LAN.

  3. Grant privileges to the database users.

MORE INFORMATION

Granting Permissions on Named Pipes

When attempting to install SQL Server on top of user-level security, there are several extra steps necessary to prepare the LAN software, the most important of which is to grant permissions on named pipes.

In user-level security, IPC$ (interprocess communications) is shared automatically. However, before you can use named pipes, permissions to use them must be granted.

Grant permissions through the LAN Manager's NetAdmin screen. The following are the steps necessary to grant everyone on the LAN permission to use pipes. Permissions may be restricted at a later time.

  1. Start the NetAdmin screen by typing:

    NET ADMIN

  2. Choose Accounts from the main menu.

  3. Choose Other Permissions.

  4. Choose Named Pipes.

  5. Choose Zoom.

  6. Select the first *GROUP (that is, *ADMINS).

  7. Choose Permitted access (Yes), or Permitted access: may change permissions (Yes+P).

  8. Choose Permit.

  9. Choose Permit again until all *GROUPS are permitted (you may ignore named USERS for the time being).

  10. Choose OK and back out of NetAdmin.

This procedure is also documented in Chapter 11 "Sharing Processing Power" of the "Microsoft LAN Manager Administrator's Guide." Version 2.2.

Please note that it is not necessary to start and stop the server for these permissions to become effective.

The next step is to set up Microsoft SQL Server for OS/2. For more information on these processes, see Part 5 "User Accounts" of the "Microsoft SQL Server System Administrator's Guide."

Create Login IDs

Create login IDs only for those individuals who are also named users on the LAN. This restriction is unique to user-level security. To add new users, first make them users on the LAN. For more information on creating LAN user accounts, see Chapter 4 "Setting Up User-Level Security" of the "Microsoft LAN Manager Administrator's Guide." Version 2.2.

Create Groups

In addition to any specialized groups, create a group name called "guest". This is created as a group name, without a user ID. It must be in lowercase letters. Users who log on to the SQL Server as guest, will have the same privileges that have been granted to public.

Grant Permissions

No privileges exist for users other than system administrator (sa) and database owner (dbo), until they have been granted. In addition, granting permissions in SQL Server is database specific. In other words, permissions in one database may differ considerably from those in another. It is generally advisable to create a script that grants and revokes privileges for each database.

Additional query words:
Keywords : kbnetwork kbsetup SSrvAdmin SSrvInst SSrvLan
Version : 4.2
Platform : OS/2

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: April 25, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.