 |
|
|
 | User Privileges when Executing Stored Procedures and Evaluating Queries |  | Privileges and Privilege Subjects |
A client logs in using the API function Login once he's connected to a server using the API function Connect. Usually these functions are embodied either in some interactive tools (login dialogs etc.) in client interfaces or encapsulated into functions in existing interfaces (e.g. function wb_connect in PHP or in the properties of the TSQL602Connection component in the Delphi CDK.
In the time between connecting and logging in, a client can utilize almost no operation on a server.
A normal, nonanonymous, login requires a username and a password to be specified. Anonymous login uses an empty name (or ANONYMOUS name) and an empty password. Anonymous access doesn't have to be allowed on a server.
Logging in without specifying username and password is possible in these cases:
In these cases it's sufficient to set "*NETWORK" instead of the username and leave the password empty.
The last of these cases doesn't consume another SQL licence.
It's required to set a domain name into the parameter TrustedDomain so the server accepts logins from the domain server. Alternatively you can set the trusted domain name also in the Control Panel into the field Domain validating logins in the Runtime parameters window, Security tab.
Simulated login is an operation that verifies password and username without changing anything about the current login. Simulated login is commonly used, when a client application wants to check whether the same user that logged in earlier is still at the computer, and doesn't want to discard open cursors or prepared commands.
The Login_par function with the LOGIN_FLAG_SIMULATED flag handles simulated login.
If users that will be SQL server clients are already logged in a Microsoft Windows domain, then the user account creation on SQL server can be simplified.
If there's a domain that validates logins set on a SQL server and if automatical creating of domain user is turned on, then for each user who is logged in the domain and doesn't have a SQL account there's a new account created. Username is then the same in the domain and on the SQL server.
An account created liked this won't have a password defined. Otherwise the user changes the password he or she can only connect to the SQL server when connected to the domain.
A newly created user will be a member of the Everybody group. The user won't be member of any other groups and no other privileges will be assigned to him.
The automatical creation of domain users is turned on by the CreateDomainUsers property. You can also turn it on or off from the Control Panel on the Security tab of the Runtime parameters window.
| User Privileges when Executing Stored Procedures and Evaluating Queries | | Privileges and Privilege Subjects |