Application Security and NT Security Integration Questions

Application Security and NT Security Integration Questions

Post by Bill Luca » Thu, 08 Mar 2001 05:15:01



Hello, my company is currently starting the design for our next Client
Server Version.  One of the largest requests our customers have had was the
ability to integrateour app into NT Security.  Ok not so bad at first but
here are some of things we need to consider.

1. A lot of our customers are requlated by the FDA and need a validated
closed system
2. Other customers are regulated by ISO 900x, QS 9000, ISO 17025 or etc.
where they do not need a validated system, and can use looser security.
3. Users of closed systems  should still be able to use NT Security to
control access into the database and its dataasets
4. NT Integrated security should co-exist with application level security,
IE we can assign a non NT adminstrative user into an adminstrative role, or
we can limit what if any of the data is allowed to be changed by any user.
5. Validated Users should still be able to force thier users to log in with
thier nt credentials even though they have logged on to the Domain, and
force them to re-confirm their password after periods of inactivity longer
than the system settings allow.

There are some others that we are considering, however that should be enough
to get the point across.

Basically I can't expect any one person to sit down and tell me how to do
this, but I asume their may be some out there who have already done this,
and if they have any reference sources, or other tips and tricks I would be
more than interested in them.

Any references or information you have on integrating NT Security  into our
app would be greatly appreciated.

Thanks,

Bill

 
 
 

1. DUMB question: Standard security / NT security

Yesterday I was setting up a SQL login account on a SQL Server in the
DEPT821 domain.  This user did not have an account in this domain.  I
was a little surprised that the user could not connect to the SQL
Server; they would get the "SQL Server is unavailable or does not exist"
message.  

However, after giving them an account on the DEPT821 domain, then they
could connect to the server.  This situation seems analagous to the way
MS-Mail requires that a user have both a server account and an MS-Mail
account.

I am somewhat embarrassed that I don't understand this correctly:  is it
NOT POSSIBLE for a user to use SQL Server without a domain or server
account for the NT machine that hosts the SQL Server?  Or would this be
possible if the SQL Server were not a domain member (ie., a standalone
server)?  I'd like to be able to have people use the SQL Server via
standard security without having to also burden them and me with the
creation and maintenance of the NT account.  Many of these users are Win
95 users who do not need the NT account for any reason except connecting
to the SQL Server.


Any help is greatly appreciated.
--
Chris Leonard
Database Administrator
Essilor of America
St. Petersburg, FL

Voice:  (813) 541-5733, ext. 4382
FAX:    (813) 544-3146

2. JDBC and Xbase + CDX Index

3. Use NT security integration with ASP

4. DTS and ASP problems

5. Accessing SQL using NT Integration Security using ADO

6. MO, St. Louis / Sr. Database Administrator (RECRUITER)

7. Access 97 Security Integration Question.

8. sql 2000 and xml, rtf, http

9. How to integrate Access application security with a SQL Server security

10. NT Integrated Security Without SQL Security Manager ?

11. change from integrated security to nt only security

12. SQL security to NT security

13. Converting From SQL Security to NT Security