Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
james_blonde007
Starting Member
3 Posts |
 Posted - 2002-07-23 : 11:24:04
|
| Hey peeps,This is a tricky one I think, can anyone help ? I'm really stuck.I am creating a temporary login account equivalent to an 'SA' account so that I may create my SQL 2000 database, after which I want to be able to delete the temporary login account.I have used the term, 'My APP' to represent the software/application I have written and using to create the database.'My APP' uses two SQL accounts during the database creation process.A temporary account with administrative privileges is required to create the SQL database.A permanent account is automatically created by the 'My APP' software with read/write privileges for the 'My APP' software to communicate with the database.The temporary account: To create the 'My APP' database on a SQL server, an account (for example ‘Temp-Install-login’) is required to be set up with the equivalent rights to an SA account.This allows the 'My APP' database to be created. The ‘Temp-Install-login’ account can then be demoted by removing the admin rights. Once the admin rights have been removed this will allow the account to be deleted.is this correct ? As the ‘Temp-Install-login’ account is only associated with the creation of the 'My APP' database, it’s deletion will not affect any other database running on the SQL server.The deletion of the ‘Temp-Install-login’ account also removes any security threat associated with SA accounts.The permanent accountThe 'My APP', ‘My APP_USER-login’* account is automatically generated by the 'My APP' software. The ‘My APP_USER-login’ account only uses read/write access.This account is required for the 'My APP' software to communicate, (write records etc) with the 'My APP' database.*'My APP_USER-login' is an example name.Has anyone got any ideas to create a temp 'SA' account that can be deleted after you have used it to create a database ?Edited by - james_blonde007 on 07/23/2002 11:25:55 |
|
|
AjarnMark
SQL Slashing Gunting Master
3246 Posts |
Posted - 2002-07-23 : 20:03:23
|
| With what login are you using to connect to SQL Server to create your temporary admin login? That login has to have high level privileges in order to assign sysadmin privileges to a new login. Why not just use that login to issue the CREATE DATABASE statement, and forget creating a temporary login?OR, instead of creating a temporary sysadmin login, why not create a login that just has DB_Creator privileges (server role) instead of full sysadmin? That way it is less of a security risk. |
 |
|
|
james_blonde007
Starting Member
3 Posts |
Posted - 2002-07-24 : 04:44:59
|
I create the 'temporary admin login' directly using enterprise manager and the default database for its login is 'master' {quote}'OR, instead of creating a temporary sysadmin login, why not create a login that just has DB_Creator privileges (server role) instead of full sysadmin? That way it is less of a security risk.'[COLOR=green]Can I delete this account once the DB has been created ?[/COLOR]Edited by - james_blonde007 on 07/24/2002 04:46:33Edited by - james_blonde007 on 07/24/2002 04:48:05 |
|
|
|
james_blonde007
Starting Member
3 Posts |
Posted - 2002-07-24 : 04:49:43
|
| I create the 'temporary admin login' directly using enterprise manager and the default database for its login is 'master'{quote}'OR, instead of creating a temporary sysadmin login, why not create a login that just has DB_Creator privileges (server role) instead of full sysadmin? That way it is less of a security risk.'[SIZE=3]Can I delete this account once the DB has been created ?[/SIZE] |
|
|
|
AjarnMark
SQL Slashing Gunting Master
3246 Posts |
Posted - 2002-07-25 : 14:35:15
|
| James,What am I missing in this process? If you can create the Temporary Admin account in Enterprise Manager, why can't you just delete it from Enterprise Manager when you're done?Or even simpler, why don't you just create the table in Enterprise Manager?WHY do you need this other admin account? What am I missing in the flow of things here? |
|
|
|
|
|
|
|
|
Deleting SQL2000 'SA' equivalent login account