August 25, 2009 at 1:49 pm
We have a linked server set up on a development (D1) server connecting to a test (T1) server. In the Security tab, we selected the setting that connection "Be made using this security context: Remote login:
With Password:
Login LLName has sysadmin authority on all servers.
One of our developers just ran an update from D1 to T1, and even though her login on T1 does not allow updates, records were inserted into a table on that server.
Our question is, based on the above settings, which login's authority is used when connecting to the destination server? Since LLName login has sysadmin authority on the destination server, we suspect is allowing these updates.
If we want the developer's login to determine the authority on the destination, would we use the setting "Be Made Using The Login's Current Security context" option?
Thanks for any insight into this security issue.
Kay
August 25, 2009 at 1:53 pm
You'd have to use the Current Security Context option. Or explictly list the logins in the top half of the window.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
August 25, 2009 at 2:01 pm
if you have devlopers login as a sql login as opposed to windows one .... you could also map the logins
-------------------------------------------------
-Amit
Give a man a fish and he'll ask for a lemon. Teach a man to fish and he wont get paged on weekends !! :w00t: - desparately trying to fish [/size]
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply