Create a new users group for inno setup [duplicate] - permissions

This question already has an answer here:
Inno Setup - How to give one specific user rights to a folder
(1 answer)
Closed 2 years ago.
I need to create a new usersgroup, because it is not included in the ones already created :
authusers Authenticated Users group
creatorowner Creator Owner
everyone Everyone group
guests Guests group
networkservice Network service account
service Local service account
system Local system account
users Users group
The usergroup that I need is IUSR, how can I grant all rights to this group ?

Inno Setup does not have any built-in functionality for creating users groups (nor accounts). Neither it allows settings permissions specifically for a certain group or account.
So for both, you need to invoke respective command-line tools.
For creating a user group, use net localgroup.
For setting permissions, use cacls or icalcs.
See Inno Setup - How to give one specific user rights to a folder

Related

New environment has all users added by default and cannot remove users?

I have created a new environment where I only want a sub set of people to be able to create apps and flows. However it seems like everybody is added by default and cannot be removed?
This is the expected functionality. When you create a Dataverse database in an environment all licensed users will be added. Users do not have any access to the database unless you assign them a security role.
Once a user is added to the Dataverse database that user record cannot be deleted. They can be inactivated, but not deleted.
You can control this behavior by defining a security group at the time of database creation. If you define a security group only the members of the security group will be added as users to the database.
When creating the database you can assign a security group:
From https://learn.microsoft.com/en-us/power-platform/admin/control-user-access:
When users are added to the security group, they are added to the Dataverse environment.
When users are removed from the group, they are disabled in the Dataverse environment.
When a security group is associated with an existing environment with users, all users in the environment that are not members of the group will be disabled.
If a Dataverse environment does not have an associated security group, all users with a Dataverse license (customer engagement apps (Dynamics 365 Sales, Dynamics 365 Customer Service, Dynamics 365 Field Service, Dynamics 365 Marketing, and Dynamics 365 Project Service Automation), Power Automate, Power Apps, etc.) or per app plan will be created as users and enabled in the environment.
If a security group is associated with an environment, only users with Dataverse licenses or per app plan that are members of the environment security group will be created as users in the Dataverse environment.
When you assign a security group to an environment, that environment will not show up in home.dynamics.com for users not in the group.
If you do not assign a security group to an environment, the environment will show up in home.dynamics.com even for those who have not been assigned a security role in that Dataverse environment.
If you do not specify a security group, all users who have a Dataverse license (customer engagement apps (such as Dynamics 365 Sales and Customer Service)) or per app plan will be added to the new environment.
New: Security groups cannot be assigned to default and developer environment types. If you've already assigned a security group to your default or developer environment, we recommend removing it since the default environment is intended to be shared with all users in the tenant and the developer environment is intended for use by only the owner of the environment.
Dataverse environments support associating the following group types: Security and Microsoft 365. Associating other group types is not supported.

Yii rights issue on multiuser login

How to create yii rights menu for two different user logins where they have separate roles and permissions for them .In brief yii rights module to be created separately for two different user logins.
I have created an application where every individual group of users must have a role created for them. Say for example there is a group such as joy they should have separate rights extension and another group fun those users must have separate rights extension to them

SQL Server : Security User Login

Our WMS uses a database TSECURE to handle all logins from our WMS. I am thinking of creating my own new software for upload purposes only. In this tsecure we maintain / add different security user logins for different users. For example, I must create a WMS Access for Alex, I will create first a SQL Server login for alex, then add his [wms_user + wms_pass] to [TSECURE] with DB credentials under [sql_server_user_alex / pass].
My questions:
Is it necessary to use different security logins for different users?
Would it be OK to just use a single user for all of them? ex. userS: [alex1] / [joseph2] / [jdoe] / [aron] ... are all under [sa] security login? What would be the downside of this?
As marc_s noted.
The normal approach for this would be: (1) create a Windows group, (2) put your three users into that group, (3) create a SQL Server login for that group, and (4) give that group login the necessary permissions in your database. That way, you can add new members to that Windows group and they'll automatically have all the necessary permissions to access that database. Don't --EVER-- use the sa account in a production system! NO exceptions!
Windows Authentication is much more secure than SQL Authentication.
"Putting all users under SA" - do not do this under any context.
Please review the CIS SQL Server baseline for further guidance.

SQLServer difference between new login and new database user [duplicate]

This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Difference between a User and a Login in SQL Server
Is it enough to create a database login with permission to desired database? Or do I need to create a database user for this login?
A login is a login account for the entire SQL Server instance - an instance can contain numerous databases.
A user is defined at the database level, and is associated with a login to provide interactive access (privileges providing)
Logins are a server side (instance level) objects. Their correct name is 'server principals' (see sys.server_principals). Server wide privileges are granted to logins, like create database or view server state permissions.
Users are a database objects, correctly referred to as 'database principals' (see sys.database_principals). They are the recipients of database permissions, like create table or select.
Ordinarily a login is mapped 1-to-1 to a user in each database, via a matching SID, but there are some exception, like all members of the sysadmin fixed server role are always mapped to dbo.
Users without login are a specific construct for Service Broker remote identities (see Remote Service Bindings) and for code signing. You should never have to create one in any other context, and if you do, you're likely doing it wrong. Users without login are never meant to be impersonated.

Creating database role in sql server that can be mapped to multiple logins

Scenario..
1 database role - 5 developers needs to be mapped with same access.
All 5 developers must login to sql server using there own username and password.
I want all these 5 developers must be mapped to 1 unique database role. So that if I changes permissions of this roles. All the developers are promoted to same permissions.
How to do this.
Currently when I creates a login using wizard It asks me for creating database user along with it. Which I don't want bcoz I want all logins to be mapped to single role.
Never create database logins for individual users.
First step is to create an NT group:
Net Localgroup MyDatabaseLoginGroup /Add
Net LocalGroup MyDatabaseLoginGroup /Add UserName1
Alternatively you could use a Domain login for this.
Second step is to create a Server and Database login for the group DOMAIN\MyDatabaseLoginGroup. Call it MydatabaseLoginGroup.
Third step is to create a database Role, DatabaseRoleName and make the group a member of it.
You should manage all internal permissions via database roles. You can make the Database logins map to as many roles as you like. Ideally each role would encompass a reasonable set of required functionality which can be granted as a block.