Authorizing Users in SQL Server |
< Previous section | Table of Contents | Index | Next section >
If you have checkmarked the option MainBoss manages SQL Security in the Defaults for Users section of Administration | Users, then MainBoss automatically gives new users appropriate permissions to access the MainBoss database through SQL Server. If you have turned off this option, you must authorize users manually. You might also have to authorize a user manually if someone else (or another program) has de-authorized the user for some reason.
In order to follow the steps described in this section, you must have SQL Server Administrator permissions on the SQL Server that manages MainBoss.
The following steps describe how to check whether a user has appropriate permissions for accessing the MainBoss database through SQL Server. The steps also describe what to do if permissions for a user have somehow been removed:
Remember that the name you specify must be a valid login name for the current computer. When logging in from other computers, users must have the same name and password as on the computer where SQL Server is running. (This will always be true if you use domains, since the whole point of domains is to let users have the same name and password on multiple machines.)
Spelling: If a particular user can't access the MainBoss database, always check that the user's name is spelled correctly in the various places it should appear, e.g. MainBoss's Users table and SQL Server's Logins list.
Groups: SQL Server lets you grant permissions to user groups as well as individuals. Therefore, you might choose to use the above procedure to grant permissions to a "MainBoss User" group. Once you do that, you can add new users to the group and they automatically receive SQL Server permissions on the MainBoss database. However, the Users table inside MainBoss only allows individual login names, not groups.
Note that you might be tempted to set up SQL Server permissions so that anyone can access the MainBoss database. However, MainBoss itself will only work for people explicitly authorized in the MainBoss Users table. If you grant SQL Server permissions to all users, you end up with the undesirable situation where some people may be prevented from using MainBoss itself, but could still change the database by hand (e.g. with Microsoft Access) if they wanted to. If someone can access the database, it's best to make sure that they do it by using MainBoss, not some other piece of software.
Deleting Users: When you add a user to Administration | Users, MainBoss grants that user permission to connect with SQL Server (if you've turned on the MainBoss manages SQL Security option). However, when you delete a user from the Users table, MainBoss does not delete the user's permission to connect with SQL Server—the user may need "Connect SQL" permission in order to use SQL Server with another software package.
If you wish to completely remove a user's access to SQL Server, remove the user's name from SQL Server's Logins list, using SQL Server Management Studio.
< Previous section | Table of Contents | Index | Next section >