A couple of mistakes in chapter 8:

On page 197 the command to create a user within a database needs more explanation, so the whole paragraph should read

Adding a user to a database

Just because a login exists and can connect to SQL Server does not mean it has access to any databases. You must first grant the account access to the database. You can do this with the following SQL command:

USE [exampleDatabase]
GO
CREATE USER Olle FOR LOGIN Olle;
GO

This command creates a user within the database in which it is run. In this example, you first switch to the database exampleDatabase and then create a user Olle within it for the SQL login account Olle. The user you create in a database does not have to have a name that matches the actual login. If you want to create a user for a Windows login already granted access to SQL Server, use the full Windows login details in the command, for example:

CREATE USER NetworkService FOR LOGIN [Puck\Network Service];

This command creates a user NetworkService for the Network Service account on the machine Puck, assuming you have already granted that Windows account access to the SQL Server as described previously in “Connecting without Passwords”. You can use square brackets, [ and ], to enclose user names or account names if they contain spaces.

However, adding a user to a database is only the first step. These new user accounts cannot do anything without some further work.

On page 199 I got the permissions order the wrong way around; the paragraphs after the create command should read

As you can imagine, salary is sensitive data, and you would not want to allow anyone who has not been authorized to view this data. If you cannot use stored procedures, you can use views to limit access. First, you remove permissions on the table itself from everyone in the Public role using the following command:

DENY SELECT ON employee TO Public

Then you specifically grant table permissions to those who are allowed access (the Accounting role, for example, for ad-hoc reporting) using the following command:

GRANT SELECT ON employee TO Accounting
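
To confirm what these two statements leave in effect, the following added example (not from the book or the original post) lists the permission entries recorded on the table and then evaluates SELECT access as a member of Accounting. The check is worth running because in SQL Server a DENY takes precedence over a GRANT that a user receives through another role. It assumes the table is dbo.employee and, for the test only, that the user Olle is made a member of Accounting.

```sql
-- Added example (T-SQL). Assumes exampleDatabase, a dbo.employee table,
-- the Accounting role and the database user Olle already exist.
USE [exampleDatabase];
GO

-- Assumption for this check only: Olle is a member of Accounting.
-- (ALTER ROLE ... ADD MEMBER needs SQL Server 2012 or later;
--  on older versions use: EXEC sp_addrolemember N'Accounting', N'Olle';)
ALTER ROLE Accounting ADD MEMBER Olle;
GO

-- 1. Explicit permission entries recorded against the table.
SELECT pr.name            AS principal_name,
       pe.permission_name,
       pe.state_desc                      -- GRANT or DENY
FROM   sys.database_permissions AS pe
JOIN   sys.database_principals  AS pr
       ON pr.principal_id = pe.grantee_principal_id
WHERE  pe.class = 1                       -- object or column permissions
  AND  pe.major_id = OBJECT_ID(N'dbo.employee');
GO

-- 2. Effective permission as evaluated for Olle.
--    HAS_PERMS_BY_NAME returns 1 if the current user holds the
--    permission after all GRANT and DENY entries are combined, else 0.
EXECUTE AS USER = N'Olle';
SELECT USER_NAME() AS current_user_name,
       HAS_PERMS_BY_NAME(N'dbo.employee', N'OBJECT', N'SELECT') AS can_select;
REVERT;
GO
```

Running the second query requires IMPERSONATE permission on the user being tested.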
