Post reply

Changing authenication for upgrade

  • July 3, 2006 at 4:31 am

    #94474

    I posted this in 'Administration' but have subsequently realised it should be in 'Security'

    We have a database which has always SQL authenication and has 300-400 named users.  Upgrades to the database have always been done as 'sa'. 

    There is a new upgrade required.  The new owners of the software now want use to change the authenication to Windows NT to complete the upgrade.  They suggest changing the authenication to Windows to complete the upgrade then back again to SQL afterwards.

    Can anyone see any difficulties with this?  Has anyone got any advice on this?

    Madame Artois

  • July 3, 2006 at 10:01 am

    #647255

    Hi, depending on the work the upgraders will have to do (eventually gain access to network ressources during the upgrade) this could be required to switch to Windows authentication.

    Windows Authentication is always on, there is Windows Authentication mode and Mixed mode (including SQL Server authentication) so you normally on´t have to turn on something rather than granting the appropiate person access to SQL Server) If they have been granted access as sa in the past, just put their Windows account in the sysadmin servern role and you are done. But remember to drop them of the role if you don´t want them to have access after the upgrade.

    HTH, Jens Suessmeyer.

    ---

    http://www.sqlserver2005.de

    ---

  • July 3, 2006 at 3:00 pm

    #647293

    Are they connecting through the application to do the upgrade? Or is the upgrade being run from a separate program, such as an installer?

    K. Brian Kelley
    @kbriankelley

  • July 4, 2006 at 6:33 am

    #647358

    They send us a script which we run through QA. 

    Madame Artois

  • July 4, 2006 at 8:54 am

    #647370

    I would take a look at the script. The method of authentication shouldn't matter. The login's rights within SQL Server and how it maps to a user in the database does, however. Even if you login as a Windows account and do something like an xp_cmdshell command, you're either going to execute as the SQL Server service account or the SQL Server Agent proxy account (if it is set). Therefore, it shouldn't matter how you login, as long as the login has the appropriate rights and maps into the database properly (this matters for who owns the object).

    K. Brian Kelley
    @kbriankelley

  • July 5, 2006 at 2:08 am

    #647429

    We won't get the script until the beginning of next week so we will look at it then.  In the meantime, we are going back to the company to get more detail (in the light of your responses).  We're glad to know that we were right to query this change; it just seems so odd to us

    Madame Artois

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply