Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
xerosaburu
Starting Member
3 Posts |
 Posted - 2007-04-13 : 09:59:58
|
| What is the practical difference between using "Not be made" and "Be made without using a security context"?I've searched and it seems that if you are serious about NOT wanting anyone except a single login to be able to access the linked server that you ought to use "Not be made", however it seems that elsewhere it suggests that "Be made without using a security context" will accomplish the same thing.Is that right?If so, then what is the point?Ex: I'm trying to apply the fewest settings on a sql server B linked to sql server A, but I only want login ZZZ to be able to access B through A, so I figure I ought use "Not be made", however reading various places it seems that "Be made without using a security context" is suggested to do the same thing.This quote from -http://www.microsoft.com/technet/prodtechnol/sql/2000/books/c08ppcsq.mspx"Be Made Without Using A Security Context Blocks access to all logins not explicitly mapped to the linked server." |
|
|
rmiao
Master Smack Fu Yak Hacker
7266 Posts |
Posted - 2007-04-13 : 10:47:04
|
| Not be made:Specify that for logins not defined in the list, a connection will not be made.Be made without using a security context:Specify that for logins not defined in the list, a connection will be made without using a security context. |
 |
|
|
xerosaburu
Starting Member
3 Posts |
Posted - 2007-04-13 : 11:20:06
|
quote:
Originally posted by rmiao
Not be made:Specify that for logins not defined in the list, a connection will not be made.Be made without using a security context:Specify that for logins not defined in the list, a connection will be made without using a security context.
Yes, yes, but the definitions are a bit circular and question begging when it comes to the actual meaning of the application from the level of real world use.Practically what is the real difference and why would I be concerned? |
|
|
|
rmiao
Master Smack Fu Yak Hacker
7266 Posts |
Posted - 2007-04-13 : 12:46:56
|
| If you set Not be made, sql will not connect to linked server if user is not in mapping list. If you set Be made without using a security context, sql will connect to linked server without security context if user is not in mapping list. May not get any result from linked server. From you you said in your original post, I think you should set Not be made. |
|
|
|
xerosaburu
Starting Member
3 Posts |
Posted - 2007-04-13 : 13:36:44
|
quote:
Originally posted by rmiao
If you set Not be made, sql will not connect to linked server if user is not in mapping list. If you set Be made without using a security context, sql will connect to linked server without security context if user is not in mapping list. May not get any result from linked server. From you you said in your original post, I think you should set Not be made.
Ok, I think I get it. It seems that "without a security context" just gets a guest connect. Now if anonymous guest connects are set up on the other server, then I'd say they have a problem. |
|
|
|
|
|
|
|
|
Linked Server Security Question