Is there anyway to increase the Domino ACL max size? Or to extend it to allow more entries?
Basically I'm running into the upper limit at about ~550 internet users in the ACL, and would like to give more users access to the database.
Create a group document in server's Domino Directory,
add there all your internet users and
add the group to database's ACL.
Related
I have a requirement of allowing organization level access to one of my storage containers within Azure.
What would be the best way to go about with this?
The access is being implemented via bash script.
1, Create a group and contains the users.
2, After created the group, go to the 'Access Control' of your container, then allow the group you created just now to access.
(Make sure these users don't have access in storage account level. Otherwise they will be able to access the container at the beginning.)
I need to set up a training database on Azure that will allow all users to run Select statements (nothing else, it will be read-only).
Multiple users would all be logging in as the same read-only login, and creating/running select statements via SSMS or some other tool.
Any caveats to doing this? I'm planning on opening up the firewall and allowing all IP addresses to access it.
You can use the AdventureWorkLT database that you can install from Azure portal as shown here.
Take in consideration that Basic tier only allows 300 sessions and 30 concurrent logins. You may have to use Standard tiers depending on the number of sessions expected. Please visit this documentation for more information about limits of Azure SQL tiers.
I understand there is a Domino ini setting for turning off all FT-indexing for an entire server. But is there any way to do this for only some databases on the sever, possibly on a per folder basis?
A fulltext can only be created by a user with manager access to the database.
In a well configured environment NO USER needs manager access to ANY database.
Even administrators don't need that (as there is Full Administration Mode).
So: Give users editor to the databases, manage access to databases with groups (user managed groups if you want), and then decide which databases to index.
In the end give the rules about which databases should have an index to the admins...
Our WMS uses a database TSECURE to handle all logins from our WMS. I am thinking of creating my own new software for upload purposes only. In this tsecure we maintain / add different security user logins for different users. For example, I must create a WMS Access for Alex, I will create first a SQL Server login for alex, then add his [wms_user + wms_pass] to [TSECURE] with DB credentials under [sql_server_user_alex / pass].
My questions:
Is it necessary to use different security logins for different users?
Would it be OK to just use a single user for all of them? ex. userS: [alex1] / [joseph2] / [jdoe] / [aron] ... are all under [sa] security login? What would be the downside of this?
As marc_s noted.
The normal approach for this would be: (1) create a Windows group, (2) put your three users into that group, (3) create a SQL Server login for that group, and (4) give that group login the necessary permissions in your database. That way, you can add new members to that Windows group and they'll automatically have all the necessary permissions to access that database. Don't --EVER-- use the sa account in a production system! NO exceptions!
Windows Authentication is much more secure than SQL Authentication.
"Putting all users under SA" - do not do this under any context.
Please review the CIS SQL Server baseline for further guidance.
I have a Microsoft SQL server database and a set of users.
Now in my app I want to make some functionality only visible, if the user has entered username and password with certain rights (admin).
Since the databases and the usernames and their rights can change, how do i check what permissions/rights an Microsoft SQL server user has?
You can check current user's right on certain securables using [sys.fn_mypermissions][1] which returns all permission on the securable. You can also check a specific permission with HAS_PERMS_BY_NAME. Eg. you can check for CONTROL SERVER permission which implies an administrator is logged in:
SELECT HAS_PERMS_BY_NAME(null, null, 'CONTROL SERVER');
The simplest way to do this is using the IS_MEMBER('rolename') function, that checks whether the user is in the role/group 'db_owner'. The function will perform a check at database level, and returns 1 (Int32), if the user has the specified role.
If you need to check at server level, you can use the IS_SRVROLEMEMBER function. Both are available since SQL Server 2005.
I'm not entirely certain that I understand your problem definition however assuming I do.....
I would suggest that you create a SQL Server Database Role that you can add the relevant application users to, perhaps via some group membership maintained within the App (or a Windows Domain Group). You can use the group to Role mapping to independently manage user membership, from managing the relevant permissions to securables within the database via the Role.
This way, you just need to check that an application User is a member of the relevant application or windows group, without the need to query the security configuration of SQL Server.