I created a SQL login name which I'm specifically intending to use as the
login id that can allow a user to change their own password. I currently
have this login id permission checked off as 'Security Administrators' in
the Server Roles tab but I noticed by checking this off it gives all of the
other security permissions listed. Is there a way to only allow this
specific login id to change passwords but not any other security permission?
Can anyone advise if this is a safe practice or should I be doing a
different approach in letting users change their own passwords?No...not a safe practice. Users can change their own
passwords without needing to implement any security changes.
Check books online and look up sp_password.
By default, public has execute permissions on this system
stored procedure. Logins that aren't members of sysadmins or
securityadmins can only change their own passwords. That is
what you would want.
-Sue
On Thu, 27 Apr 2006 11:07:53 -0700, "J"
<IDontLikeSpam@.Nowhere.com> wrote:
>I created a SQL login name which I'm specifically intending to use as the
>login id that can allow a user to change their own password. I currently
>have this login id permission checked off as 'Security Administrators' in
>the Server Roles tab but I noticed by checking this off it gives all of the
>other security permissions listed. Is there a way to only allow this
>specific login id to change passwords but not any other security permission
?
>Can anyone advise if this is a safe practice or should I be doing a
>different approach in letting users change their own passwords?
>|||Thanks a bunch for your reply Sue. I really appreciate it.
When you mean the Public role are you referring to the Public role in my
user defined database or the master database? I tried to execute
sp_password from my .asp page to change my own password being logged in as a
regular database user and am getting the following error message:
'Only members of the sysadmin role can use the loginame option. The password
was not changed.'
Thanks Sue.
J
"Sue Hoegemeier" <Sue_H@.nomail.please> wrote in message
news:g8b2529vut87cmv4491mgimg07lfnr6ve4@.
4ax.com...
> No...not a safe practice. Users can change their own
> passwords without needing to implement any security changes.
> Check books online and look up sp_password.
> By default, public has execute permissions on this system
> stored procedure. Logins that aren't members of sysadmins or
> securityadmins can only change their own passwords. That is
> what you would want.
> -Sue
> On Thu, 27 Apr 2006 11:07:53 -0700, "J"
> <IDontLikeSpam@.Nowhere.com> wrote:
>
>|||Actually I just found out that I just needed to remove the last parameter of
supplying the login id and it worked fine.
Thanks again :-)
J
"J" <IDontLikeSpam@.Nowhere.com> wrote in message
news:eMPVF0kaGHA.3532@.TK2MSFTNGP05.phx.gbl...
> Thanks a bunch for your reply Sue. I really appreciate it.
> When you mean the Public role are you referring to the Public role in my
> user defined database or the master database? I tried to execute
> sp_password from my .asp page to change my own password being logged in as
> a regular database user and am getting the following error message:
> 'Only members of the sysadmin role can use the loginame option. The
> password was not changed.'
> Thanks Sue.
> J
>
> "Sue Hoegemeier" <Sue_H@.nomail.please> wrote in message
> news:g8b2529vut87cmv4491mgimg07lfnr6ve4@.
4ax.com...
>|||No problem...thanks for posting back.
-Sue
On Thu, 27 Apr 2006 16:31:46 -0700, "J"
<IDontLikeSpam@.Nowhere.com> wrote:
>Actually I just found out that I just needed to remove the last parameter o
f
>supplying the login id and it worked fine.
>Thanks again :-)
>J
>
>"J" <IDontLikeSpam@.Nowhere.com> wrote in message
>news:eMPVF0kaGHA.3532@.TK2MSFTNGP05.phx.gbl...
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment