sql server - How to Grant Permission to IMPERSONATE any other user? -


in order log usage of application developing need every user using application execute queries against sql server database under own credentials.

in order not storing passwords in retrievable fashion, can't creating connection on per-user basis (because entail knowing password past brief window when log-in).

the, seemingly obvious, solution problem (which may sub-optimal) run sensitive queries generic "application" user, impersonating logged in user (requiring me associate logged in user username...which not bad thing).

my problem i'm not sure how grant impersonate users of role, or users in general (not brightest idea, because don't want app impersonating sysadmin, instance).

grant impersonate on applicationlogin

doesn't work, , there's no documentation can find suggests granting impersonation on members of role doable...

any ideas?

you can use dynamic sql . code below fetches users related specific role , grant permission impersonate on user. should create user on application login relate database , grant permission impersonate on members of specific role. code:

create trigger s2 on database create_user  create table #t (principal_name nvarchar(100),role_name nvarchar(100)); l (select *             (select p.name 'principal_name',r.role_principal_id 'gh'                 sys.database_principals p,sys.database_role_members r                 p.principal_id=r.member_principal_id or p.principal_id=r.role_principal_id                 , type<>'r') s inner join (select p.name 'role_name',p.principal_id 'gha'                                                 sys.database_principals p,sys.database_role_members r                                                 p.principal_id=r.member_principal_id or p.principal_id=r.role_principal_id                                                 , type='r') d                 on d.gha=s.gh) insert #t select distinct principal_name,role_name l ------------ enter role name here  role_name '%%' ------------ declare @p nvarchar(100),@text nvarchar(max)='' ------------------------- change desired name of application user declare @appuser nvarchar(100)='application_user' ------------------------- declare c cursor select principal_name #t open c fetch next c @p while(@@fetch_status=0)     begin         set @text+='grant impersonate on user::['+@p+'] '+@appuser+' '         fetch next c @p     end close c deallocate c drop table #t exec(@text)

i hope work you.


Comments

Post a Comment

Popular posts from this blog

c++ - CryptStringToBinary API behavior -

i seeing strange behavior cryptstringtobinary cryptography api. please see below code (config: x64 debug): #include "stdafx.h" #include <windows.h> #include <strsafe.h> #include <iostream> #include <exception> void main() { dword dwskip; dword dwflags; dword dwdatalen; //lpcwstr pszinput = l"jaaaaaecaaadzgaaakqaagdnnl1l56bwgfjdgr3rpxtqqqn6daw3usv2emkjym4t"; //this works fine lpcwstr pszinput = l"mytest"; //doesnt work, api returns false,error code 0x0000000d // determine size of byte array , allocate memory. if(! cryptstringtobinary( pszinput, _tcslen( pszinput ) + 1, crypt_string_base64, null, &dwdatalen, &dwskip, &dwflags ) ) { dword dw = getlasterror(); //0x0000000d: data invalid throw std::exception( "error computing byte length." ); } byte *pbytebyte = null; try { ...
Read more

c++ - Correct method for redrawing a layered window -

i have window created ws_ex_layered window style. drawing onto memory bitmap using gdi+, , using updatelayeredwindow update graphical content of layered window. intend use window main window of application, require redraw frequently. seeing layered windows not receive wm_paint windows message [?] , need come appropriate method re-drawing window. optimisation not essential , it's nice have cake , eat too. therefore, in search of "correct" method use. here thoughts far: i guess it's idea render onto off-screen bitmap before bitblt ing or similar. 60 frames rendered per second should (more than?) enough (but how compare other applications' frame rates?). possible solutions: use settimer send wm_timer message on regular basis. useful because through specifying time-out value, can achieve desired frames per second, without requirement measure duration "frame" takes rendered. would cause input or other lags due frequency , speed of m...
Read more

java.util.scanner - How to read and add only numbers to array from a text file -

i'm learning java , have question regarding reading file want read numbers file contains strings well. here example of file: 66.56 "3 java 3-43 5-42 2.1 1 and here coding: public class test { public static void main (string [] args){ if (0 < args.length) { file x = new file(args[0]); try{ scanner in = new scanner( new fileinputstream(x)); arraylist<double> test = new arraylist<>(); while(in.hasnext()){ if(in.hasnextdouble()){ double f=in.nextdouble(); test.add(f);} else {in.next();} } catch(ioexception e) { system.err.println("exception during reading: " + e); } } my problem add 66.56,2.1 , 1 doesn't add 3 after "3 or ignores 3-43 , 5-42 can tell me how skip strings , add doubles here? thanks all said 3 ie; "3, 3-43 , 4-42 strings either u read string , split , check number @ " , - or put in space between characters , integers. jvm after compilation tre...
Read more