Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
Hitesh Shah
Yak Posting Veteran
80 Posts |
 Posted - 2008-04-10 : 02:38:01
|
| We normally map a single SQL user to all application users . From performance standpoint and from best practices perspective , what is the preferred method of mapping OS users to SQL users viz one to one OR many to one . |
|
|
Lumbago
Norsk Yak Master
3271 Posts |
Posted - 2008-04-10 : 05:45:57
|
| I at least prefer to use either one single sql server user (or usually two actually; one read-only user and one full-access user) like you are doing, or to to have all users go through an Active Directory group. Maintaining alot of users from within sql server is not w route I would go down...--Lumbago |
 |
|
|
rmiao
Master Smack Fu Yak Hacker
7266 Posts |
Posted - 2008-04-10 : 23:07:22
|
| It's nothing to do with performance, but about auditing. It's hard to find out who did what if everyone share single sql login. |
|
|
|
CShaw
Yak Posting Veteran
65 Posts |
Posted - 2008-04-11 : 02:03:41
|
| I agree, leaving the logins in AD will take a lot off your plate if you do not have to maintain many accounts. If your do not have that choice and you are forced to use SQL Server logins then one benefit that you get if each user has their own log in is that when you are searching for logs and blocking it is easier to find the offender.Chris Shawwww.SQLonCall.com |
|
|
|
Lumbago
Norsk Yak Master
3271 Posts |
Posted - 2008-04-11 : 02:36:11
|
| I might be wrong on this one but I would think that a single sql server user would be better performance-wise than to have each connection have it's own user. Most (if not all) applications utilize a connection pool when connecting to the database, which basically is a caching mechnism for connections, and I would guess that a few connections in the pool would be faster than many. It also depends on the amount of users...if we are talking less than a hundred I don't think it would matter much but if we are talking thousands (like on a website) it could be a different story. But as I said I'm only guessing here so I might be off...--Lumbago |
|
|
|
rmiao
Master Smack Fu Yak Hacker
7266 Posts |
Posted - 2008-04-12 : 00:38:04
|
| Web app is different since you have no way to create login for those users dynamically, and lot of users maybe just one time user. |
|
|
|
mdubey
Posting Yak Master
133 Posts |
Posted - 2008-05-26 : 20:39:29
|
| I would recommend you to create a AD group on your windows server and add all logins(Windows login) into this AD group.After crating AD group you can give pemission to that particular AD group on the server.If something happend wrong on the server you can probably check with error log and viewr as well.ManojMCP, MCTS |
|
|
|
|
|
|
user creation