I am checking the possibility to use crm2013, I want to create all of my users out side of active directory.
Is it possible?
if you ask why, so for 3 main reasons.
AD is a pain in the ass when it comes to maintenance and environment duplication.
I need to give access to outsiders and I dont want to create them on my active directory.
My company does not want to use AD.
Thanks
for CRM 2013 OnPremise you must use AD, there are no alternatives.
For CRM Online the synchronization between Office365 users and AD users is optional.
Related
Let me preface this with the fact that I don't know much about VBA. I have created a database that will be split and the front end will be distributed to 14 different project managers. The database is intended to allow users to enter bi-weekly updates to their projects. I hope to get some guidance on creating usernames and passwords so that PMs can only access their project data.
I don't mind creating and issuing usernames and passwords to each user, but I am trying to avoid creating 14 copies of the database. That would make providing updated databases a nightmare.
Hopefully this isn't too basic of a question for this group.
yes, you can control users access, you need to create a user table in your backend database that will hold their firstname, surname, password, and any other user specific data that you might need, e.g. department, access level, etc.
In your front end, you need a login form and you make that the Display Form for your fe (set in the access options menu). You check the username and password entered matches what is held in your database, and if it's correct, you load the appropriate form, usually a main menu, and show them the appropriate data based on the login they used. You may need to hold the login they used in a TempVar, so you can access it from any form, report, query etc in your frontend.
You will need something like LASsie (Light Application Security) or program a similar solution yourself.
Also, you may enjoy my article Deploy and update a Microsoft Access application with one click.
(If you don't have an account, browse for the link: Read the full article.)
We have an employee that recently left the company, and I have a bunch of SSRS reports that she has access to. Is there a way to remove her from all of the reports at once, or do I have to go one by one?
You can delete the user from the reportserver database.
Then, the user can no longer be verified, and a login becomes impossible.
PS: Backup the ReportServer database first, just in case...
DELETE FROM [ReportServer].[dbo].[PolicyUserRole]
WHERE UserID IN
(
SELECT UserID FROM Users WHERE UserName ='blabla'
)
DELETE FROM Users WHERE UserName ='blabla'
Presumably the reports security are based on Active Directory?
If she no longer has access to your network then she would not be able to access the reports.
If you have granted AD groups access rather than individual AD logins you could request that she is removed from each AD Group she is within, otherwise you will have to remove her individually from each report.
On a side note, if her AD account has been deleted then she will not be able to access the reports anyway, even if she could access the network?
We have a Power User who knows the database very well and has become a great asset since we gave him access with SQL Server Management Studio. Unfortunately, we also gave him a user/pwd used by all Development which carries ability to change data.
Without going into all the wrongs behind having such a privileged db-user and giving such access an end user, is there a tool that would give the user ability to query without any ability to update/insert/drop/ or anything else?
My guess is that the user probably does not want to change the database -- for his/her protection as well as yours.
Just enable this user's login using Window to have read-only access. Or, set up another read-only user and give it to the power user. At the extreme, you may need to change the password of your super user account.
I would recommend in the mean time that you set up a development group, give the group privileges, and assign the developers to the group. They can then login through that id. Perhaps one day, you'll be able to disable your super user account. For now, you should think about ways to work around it.
I have read a lot, but still i can't find the point that i want which is the following:
If i can connect to sql via windows authentication mode, then that mean after i install my software with it's database the user can easily look and manipulate my database, and if i want to revoke any role i will be limiting my program when it's going to access the database.
Is there a way to limit the user access on the database while my program can have a full access without any problems.
The application doesn't have to login to sql using the account that it's being run from. So create a seperate user account for the application that has all the rights it needs and login using that account from the application.
Alternatively, you can just setup a seperate login using sql server authentication and then you won't need another user account.
If this isn't your application and you can't modify it to use a different account to login with, then you could run the application itself under another account. When you hold shift and right click an icon you'll see it gives you an option to do so. However, I don't know how you would set the application up to automatically run that way without the user having to know the password to type in. I think it's possible though.
Also, I think when you set the account up you can set it as a special type that users can't actually login with. So they could know the password to it to run the application, but they wouldn't be able to actually login under that account to do anything with it. This wouldn't prevent someone smart enough from gaining access, but it's a good safeguard.
Am I doing this right?
I have a client, they currently have a portal for their users, all their users are in an oracle database. They want to move to SharePoint 2010.
The user will log into the site via their username and password, which I will need to migrate from their existing database. The users also have account information, which I'll need to query FROM their existing database in Oracle (over a VPN tunnel from the web front end to their Oracle DB).
For the user authentication;
ASP.NET Membership -
I tried to configure my application to run under FBA. The aspnet_regsql.exe application created Users and Roles tables in my database (and a whole bunch of other ones). I need to add account_id, which is a foreign key to the client's database, and firstname, last name, which we'll store and need to surface on our application.
Where to I create the account_id and other fields that need to be associated to the user?
Is the ASPNET Profile table the same as the SharePoint Profile from the API? How do I populate this database to try?
Through IIS? Do I need to write a custom registration webpart, or can I somehow add custom columns to the profile and reprovision the ASP.NET user registration control in a visual webpart?
Thanks in advance for the help!
The ASPNet profile table is not the same as the SharePoint Profile. The SharePoint Profiles are assigned their own database thus much more robust where as theASPNET profile contains all of the propertynames/values for a single user in a single row, not really the best deal.
Your can use IIS to populate the users/roles, but you need to keep changing the Default Role and Membership providers. One way will let you add users and roles, but not let you log into SharePoint. The other vice versa. You can create the properties for the profile and assign them default values but I don't beleive you can set them on a user by user basis, I won't swear to that though. I found this tool on codeplex for FBA management but have not had time to test it yet.
I am also trying to figure out the FBA/user profile question. SharePoint is smart enough to create profiles for Windows accounts. I am hoping that once the providers for FBA are created it will pull the users name and basic info from the FBA provider and create SharePoint profiles as well so that I can use the UserProfileManager to access/store profile based information from the SharePoint profile database. It looks like you can configure the User Profile Service to sync with other sources, thats what I am going to investigate once I have some more free time.
try the new ASP.Net Identity System.
Introduction to ASP.NET Identity
and
Customizing User's Profile to add new fields in brand new database table here