Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Security around linked severs

Status
Not open for further replies.
bluto99

bluto99

Programmer
Apr 11, 2001
11
GB
I am creating a linked server from SQL Server 2005 to Oracle. I would like to lock down the link to a set of developers assigned to an global windows group. I konw there is a method to map individual users to a login on the Oracle database but I cannot find a way of allow a group to have access.

Does anyone know of a way to do this?
 
Sort by date Sort by votes
Unfornitually there is no way to map a domain group across a linked server. It's got to be done login by login.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]
 
Upvote 0 Downvote
That is a shame, would be really handy to be able to do this as it is in keeping with our security structure.

Is there a security option to take out the ability to use linked servers?
 
Upvote 0 Downvote
Sadly there isn't.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]
 
Upvote 0 Downvote
MrDenny,

Can you expand on your comment here:

Unfornitually there is no way to map a domain group across a linked server. It's got to be done login by login.
Click to expand...

I just set up a linked server today. I always set it up to use an existing account on the target server to connect.

My understanding is that there can only be ONE connection per linked server? ie) the connection I use to set up the linked server.

Thanks
 
Upvote 0 Downvote
If I have a login on my SQL Server called "MYDOMAIN\Domain Admins" and this login maps to a Windows Group also called "MYDOMAIN\Domain Admins" there is no way for me to setup a mapping through the linked server for this login. For each member of the "MYDOMAIN\Domain Admins" domain group who needs access to the linked server I have to add there domain account as a SQL account (in my case MYDOMAIN\mrdenny) and use that account to map through the linked server.

The ops question isn't about connections, but how to secure the linked server so that unauthorized users aren't running queries against the Oracle server.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

skibum019
  • Locked
  • Question
SQL Cluster Linked Server to SQLite DB
Replies
0
Views
87
skibum019
skibum019
niall5098
  • Locked
  • Question
linked server query causes sqlsrver to crash
Replies
1
Views
122
yelworcm
yelworcm
chriscrowhurst
  • Locked
  • Question
Linked server : access to the remote server is denied because no login-mapping exists. 1
Replies
5
Views
378
SQLBill
SQLBill
Luvsql
  • Locked
  • Question
SQL 2008 Express as Linked Server in order to perform scheduled backups
Replies
1
Views
65
PghMikeH
PghMikeH
seaport
  • Locked
  • Question
Set up a linked server to a SQL2000
Replies
1
Views
81
seaport
seaport

Part and Inventory Search

Sponsor

Back
Top