Database roles and delegates

Aug 30, 2010 at 12:42 AM
Edited Aug 30, 2010 at 12:46 AM

I have a look at Video 10 and notes in the documentation on page 21. Some things are not clear (at least to me)

One thing (I am sure there will be more) is that do all users of any application that I need to do a check access on have to exist as a member of NetSqlAzMan_Reader as a minimum in order for this to work . If I authorize for a role, task or operation users straight from AD without specifically making them a NetSqlAzMan_Reader, then if I do  check access test will they come up neutral or will I get an error. I know this could be tested for but this means I have to create dummy test accounts and login and log out each time as I can't test other users using the MMC snap-in.

 

Coordinator
Aug 30, 2010 at 5:58 AM

Hi,

There are two types of users:

1) Who can open a connection to storage (and then can invoke the CheckAccess method):

IAzManStorage storage = new SqlAzManStorage (connectionString);

storage.CheckAccess ([another user]);

2) users on which you make a CheckAccess (the user is a method parameter).

For the first, is required to be members of the Database Role NetSqlAzMan_Readers.

For the second permit is not required, it will SQL on AD. (So it is not necessary to be a member of the NetSqlAzMan_Readers role)

The documentation on page 21 and Video Tutorial Lesson 10 refer to the first type of users.

Regards,

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Aug 30, 2010 at 7:35 AM

Ok Thanks