INF: SQL Server and User Level Security

ID: Q72361

The information in this article applies to:

SUMMARY

Setting up SQL Server under user-level security requires the following three steps:

  1. Grant permissions on the LAN to use pipes.


  2. Create login IDs for named users on the LAN.


  3. Grant privileges to the database users.



MORE INFORMATION

Granting Permissions on Named Pipes

When attempting to install SQL Server on top of user-level security, there are several extra steps necessary to prepare the LAN software, the most important of which is to grant permissions on named pipes.

In user-level security, IPC$ (interprocess communications) is shared automatically. However, before you can use named pipes, permissions to use them must be granted.

Grant permissions through the LAN Manager's NetAdmin screen. The following are the steps necessary to grant everyone on the LAN permission to use pipes. Permissions may be restricted at a later time.
  1. Start the NetAdmin screen by typing:

    NET ADMIN


  2. Choose Accounts from the main menu.


  3. Choose Other Permissions.


  4. Choose Named Pipes.


  5. Choose Zoom.


  6. Select the first *GROUP (that is, *ADMINS).


  7. Choose Permitted access (Yes), or Permitted access: may change permissions (Yes+P).


  8. Choose Permit.


  9. Choose Permit again until all *GROUPS are permitted (you may ignore named USERS for the time being).


  10. Choose OK and back out of NetAdmin.


This procedure is also documented in Chapter 11 "Sharing Processing Power" of the "Microsoft LAN Manager Administrator's Guide." Version 2.2.

Please note that it is not necessary to start and stop the server for these permissions to become effective.

The next step is to set up Microsoft SQL Server for OS/2. For more information on these processes, see Part 5 "User Accounts" of the "Microsoft SQL Server System Administrator's Guide."

Create Login IDs

Create login IDs only for those individuals who are also named users on the LAN. This restriction is unique to user-level security. To add new users, first make them users on the LAN. For more information on creating LAN user accounts, see Chapter 4 "Setting Up User-Level Security" of the "Microsoft LAN Manager Administrator's Guide." Version 2.2.

Create Groups

In addition to any specialized groups, create a group name called "guest". This is created as a group name, without a user ID. It must be in lowercase letters. Users who log on to the SQL Server as guest, will have the same privileges that have been granted to public.

Grant Permissions

No privileges exist for users other than system administrator (sa) and database owner (dbo), until they have been granted. In addition, granting permissions in SQL Server is database specific. In other words, permissions in one database may differ considerably from those in another. It is generally advisable to create a script that grants and revokes privileges for each database. 


Keywords          : kbnetwork kbsetup SSrvAdmin SSrvInst SSrvLAN 
Version           : 4.2
Platform          : OS/2 
Issue type        :

Last Reviewed: March 11, 1999