SP_Change_Users_Login

I am moving several databases that belongs to a single application from MSSQL2000 to MSSQL2005. After sucessfully moved and converted the databases I need to fix the users login and I am using sp_change_users_login procedure to do so. My questions are: I have an application user that needs to be fixed in several databases - how can I fixed the login all once? Also is there a way to turned the check_policy off at the same time I fixed the logins?

thank you

[592 byte] By [Pereira] at [2008-1-9]

«« How to get the information of wireless LAN Adapter using C/C++ with Windows XP or mobile?
»» Creating hidden users and hidden clones of bugs

# 1

You will have to do that per database.

Check policy can ve turned of using:

Code Snippet
ALTER LOGIN SomeLogin WITH CHECK_POLICY = OFF 

Jens K. Suessmeyer

http://www.sqlserver2005.de

JensK.Suessmeyer at 2007-10-2 >

top of Msdn Tech,SQL Server,SQL Server Security...

# 2

I can't fix per database because once I run the procedure to fix the login for the first time it will not fix the same login for another database. As I said I have this same login in each database. This particular login is the application user. Any other ideas?

Pereira at 2007-10-2 >

# 3

If I understand the problem, you have the same user (i.e. the SID is the same) on all databases, correct? You can find the SID using the following query:

SELECT sid FROM sys.database_principals WHERE name = 'user_name'

And then create a login with the corresponding SID and the password policy setting you need, for example:

CREATE LOGIN [login_name]

WITH PASSWORD = 'password',

CHECK_POLICY = OFF,

SID = 0x<SID_IN_BINARY_FORMAT>

Because the users are mapped to logins via the SID, all database users that are mapped to the same login will be fixed.

Please let us know if this information helped or if you have any additional questions.

Thanks,

-Raul Garcia

SDE/T

SQL Server Engine

RaulGarcia-MS at 2007-10-2 >

# 4

Raul,

I do have the same user (application user) in several databases. But when I check the SID in each database they do not match (they all have different IDs). How to proceed? thanks a lot.

Pereira at 2007-10-2 >

# 5

It's hard to say without knowing what the purpose of these users is. It also looks like you've had this situation before the upgrade. If you just want to make all users map to the same login, you can create the login, like Raul indicated, and then you can map the users that have a different SID to this same login by using the ALTER USER ... WITH LOGIN statement that I discussed at http://blogs.msdn.com/lcris/archive/2007/02/19/sql-server-2005-some-new-security-features-in-sp2.aspx. This should make all users have that login's sid. But you should understand how you got in this situation in the first place - were these users supposed to really map to the same login? From some background on how logins map to users, it may also help to take a look at this: http://blogs.msdn.com/lcris/archive/2007/03/23/basic-sql-server-security-concepts-logins-users-and-principals.aspx.

Thanks

Laurentiu

LaurentiuCristofor at 2007-10-2 >

SQL Server Hot Topic

SQL Server New Topic

SQL Server

Java / MSDN / Linux Tech / PHP Tech / MSDN DotNet / MSDN TECH / Health Library / Programmers Tech / visual basic Tech / Developer Tech / Ipod faqs / Msdn China Tech

it's Archive about 'SP_Change_Users_Login...'

SP_Change_Users_Login

SQL Server Hot Topic

SQL Server New Topic

SQL Server

Site Classified