Users created vs. users in SQL
So I'm looking at this application first time today, since I've heard its a good alternative to VisionApp, and it look incredibly powerfull and promising.
I've got one issue that I can't get past, or dont understand and its holding me back from conintuing to use this for the porpose I need it for:
I cannot seem to be able to log in with the users i create in the program. The only way I know of viewing the content of the database I've created with my admin user (who is also db owner of the database) is to log in with a user that has dbowner on the database, which is crazy, I would never give low end support access to a dbowner account on a database containing this sort of information. This has to be wrong right?
What I envisioned was that all I need to supply end users of the system with (in form of a SQL securable), would be a SQL login with very limited access to my SQL server (public) and the RDM database (perhaps read on an encrypted table containing valid logins)? When they start the program all they would be prompted with would be an authentication window where they put their AD-user (if thats what I go for) that I have added inside RDM Users and tied to a role, a role which is tied to a security group that is again tied to a group in the session hierarcy that I want this users to be able to see and access (an whatever rights I give the role he/she is member of).
Have I got the right idea about this application? Because the only way I can see of adding team content in the program for an end user is to add a data source (SQL) which then asks me for a SQL account that has dbowner rights on the database, and then doesnt ask me for RDM-spesific authenication but opens the program and gives me full access to everything...
All Comments (4)
Hello,
You are correct, no need to be owner in order to view sessions.
I would need more information on the error that you get when attempting to log in with other users. You say that you cannot seem to be able to log in, could you add more details?
The authentication against the data source is in the data source definition, each user must have their own credentials in there. Please consult on a recent blog that covered that very topic http://blog.devolutions.net/2015/11/why-can-my-colleagues-see-my-credentials.html
For the security aspect, we have a video titled "Spotlight on - Security Groups" http://remotedesktopmanager.com/Support/Video?v=5ejIIg-t8I4#SpotlightOn
Best regards,
Maurice
While you replied yesterday i figured out i had to create the users manually on the instance and database, even if I had created them inside of RDM with a SQL-user having the db owner role. As for the error I am unable to replicate it and I do not remember what I did when it asked me for an account with the db owner role.
Anyway, is it so that I have to manually authorize users in SSMS even if I have added them as users in RDM?
And, if a user only has read on the database, but is member of a role that grants edit on session elements, will he fail to edit?
RDM is able to create users and grant permissions without having to intervene in the process. If its not your case, then you are experiencing an issue. All other steps that you take make it impossible to identify the root cause.
There are two workflows:
Creating administrators require that the user performing the task has been granted the relevant privilege with the WITH GRANT option. Plain users require nothing like that.
I would like you to create a new user using RDM, then go in SQL Mgmt studio run the following query in the RDM database[code]sp_helprotect[/code]
Please send us the results of that query.
Best regards,
Maurice
In RDM i created the user "testuser", and gave that user a custom role with access to a couple of security groups.
I also check the SQL server error log for failed authentications, found non, just fyi.
Im also not sure if I mentioned this, but the server is running SQL Server 2016, if that matters.
Owner Object Grantee Grantor ProtectType Action Column
dbo Attachment NUTS\Ketil dbo Grant Delete .
dbo Attachment NUTS\Ketil dbo Grant Insert .
dbo Attachment NUTS\Ketil dbo Grant Update (All+New)
dbo Connections NUTS\Ketil dbo Grant Delete .
dbo Connections NUTS\Ketil dbo Grant Insert .
dbo Connections NUTS\Ketil dbo Grant Update (All+New)
dbo DatabaseInfo NUTS\Ketil dbo Grant Delete .
dbo DatabaseInfo NUTS\Ketil dbo Grant Insert .
dbo DatabaseInfo NUTS\Ketil dbo Grant Update (All+New)
dbo GroupInfo NUTS\Ketil dbo Grant Delete .
dbo GroupInfo NUTS\Ketil dbo Grant Insert .
dbo GroupInfo NUTS\Ketil dbo Grant Update (All+New)
dbo UserGroupInfo NUTS\Ketil dbo Grant Delete .
dbo UserGroupInfo NUTS\Ketil dbo Grant Insert .
dbo UserGroupInfo NUTS\Ketil dbo Grant Update (All+New)
dbo UserInfo NUTS\Ketil dbo Grant Delete .
dbo UserInfo NUTS\Ketil dbo Grant Insert .
dbo UserInfo NUTS\Ketil dbo Grant Update (All)
dbo UserSecurity NUTS\Ketil dbo Grant Delete .
dbo UserSecurity NUTS\Ketil dbo Grant Insert .
dbo UserSecurity NUTS\Ketil dbo Grant Update (All+New)
sys all_columns public dbo Grant Select (All)
sys all_objects public dbo Grant Select (All)
sys all_parameters public dbo Grant Select (All)
sys all_sql_modules public dbo Grant Select (All)
sys all_views public dbo Grant Select (All)
sys allocation_units public dbo Grant Select (All)
sys assemblies public dbo Grant Select (All)
sys assembly_files public dbo Grant Select (All)
sys assembly_modules public dbo Grant Select (All)
sys assembly_references public dbo Grant Select (All)
sys assembly_types public dbo Grant Select (All)
sys asymmetric_keys public dbo Grant Select (All)
sys certificates public dbo Grant Select (All)
sys change_tracking_tables public dbo Grant Select (All)
sys check_constraints public dbo Grant Select (All)
sys column_encryption_key_values public dbo Grant Select (All)
sys column_encryption_keys public dbo Grant Select (All)
sys column_master_key_definitions public dbo Grant Select (All)
sys column_store_dictionaries public dbo Grant Select (All)
sys column_store_row_groups public dbo Grant Select (All)
sys column_store_segments public dbo Grant Select (All)
sys column_type_usages public dbo Grant Select (All)
sys column_xml_schema_collection_usages public dbo Grant Select (All)
sys columns public dbo Grant Select (All)
sys computed_columns public dbo Grant Select (All)
sys conversation_endpoints public dbo Grant Select (All)
sys conversation_groups public dbo Grant Select (All)
sys conversation_priorities public dbo Grant Select (All)
sys crypt_properties public dbo Grant Select (All)
sys data_spaces public dbo Grant Select (All)
sys database_audit_specification_details public dbo Grant Select (All)
sys database_audit_specifications public dbo Grant Select (All)
sys database_credentials public dbo Grant Select (All)
sys database_files public dbo Grant Select (All)
sys database_permissions public dbo Grant Select (All)
sys database_principals public dbo Grant Select (All)
sys database_role_members public dbo Grant Select (All)
sys database_scoped_credentials public dbo Grant Select (All)
sys default_constraints public dbo Grant Select (All)
sys destination_data_spaces public dbo Grant Select (All)
sys event_notifications public dbo Grant Select (All)
sys events public dbo Grant Select (All)
sys extended_procedures public dbo Grant Select (All)
sys extended_properties public dbo Grant Select (All)
sys external_data_sources public dbo Grant Select (All)
sys external_file_formats public dbo Grant Select (All)
sys external_tables public dbo Grant Select (All)
sys filegroups public dbo Grant Select (All)
sys filetable_system_defined_objects public dbo Grant Select (All)
sys filetables public dbo Grant Select (All)
sys foreign_key_columns public dbo Grant Select (All)
sys foreign_keys public dbo Grant Select (All)
sys fulltext_catalogs public dbo Grant Select (All)
sys fulltext_index_catalog_usages public dbo Grant Select (All)
sys fulltext_index_columns public dbo Grant Select (All)
sys fulltext_index_fragments public dbo Grant Select (All)
sys fulltext_indexes public dbo Grant Select (All)
sys fulltext_stoplists public dbo Grant Select (All)
sys fulltext_stopwords public dbo Grant Select (All)
sys function_order_columns public dbo Grant Select (All)
sys hash_indexes public dbo Grant Select (All)
sys identity_columns public dbo Grant Select (All)
sys index_columns public dbo Grant Select (All)
sys indexes public dbo Grant Select (All)
sys internal_partitions public dbo Grant Select (All)
sys internal_tables public dbo Grant Select (All)
sys key_constraints public dbo Grant Select (All)
sys key_encryptions public dbo Grant Select (All)
sys masked_columns public dbo Grant Select (All)
sys memory_optimized_tables_internal_attributes public dbo Grant Select (All)
sys message_type_xml_schema_collection_usages public dbo Grant Select (All)
sys module_assembly_usages public dbo Grant Select (All)
sys numbered_procedure_parameters public dbo Grant Select (All)
sys numbered_procedures public dbo Grant Select (All)
sys objects public dbo Grant Select (All)
sys parameter_type_usages public dbo Grant Select (All)
sys parameter_xml_schema_collection_usages public dbo Grant Select (All)
sys parameters public dbo Grant Select (All)
sys partition_functions public dbo Grant Select (All)
sys partition_parameters public dbo Grant Select (All)
sys partition_range_values public dbo Grant Select (All)
sys partition_schemes public dbo Grant Select (All)
sys partitions public dbo Grant Select (All)
sys periods public dbo Grant Select (All)
sys plan_guides public dbo Grant Select (All)
sys procedures public dbo Grant Select (All)
sys query_context_settings public dbo Grant Select (All)
sys query_store_plan public dbo Grant Select (All)
sys query_store_query public dbo Grant Select (All)
sys query_store_query_text public dbo Grant Select (All)
sys query_store_runtime_stats public dbo Grant Select (All)
sys query_store_runtime_stats_interval public dbo Grant Select (All)
sys registered_search_properties public dbo Grant Select (All)
sys registered_search_property_lists public dbo Grant Select (All)
sys remote_data_archive_databases public dbo Grant Select (All)
sys remote_data_archive_tables public dbo Grant Select (All)
sys remote_service_bindings public dbo Grant Select (All)
sys routes public dbo Grant Select (All)
sys schemas public dbo Grant Select (All)
sys security_policies public dbo Grant Select (All)
sys security_predicates public dbo Grant Select (All)
sys selective_xml_index_namespaces public dbo Grant Select (All)
sys selective_xml_index_paths public dbo Grant Select (All)
sys sequences public dbo Grant Select (All)
sys service_contract_message_usages public dbo Grant Select (All)
sys service_contract_usages public dbo Grant Select (All)
sys service_contracts public dbo Grant Select (All)
sys service_message_types public dbo Grant Select (All)
sys service_queue_usages public dbo Grant Select (All)
sys service_queues public dbo Grant Select (All)
sys services public dbo Grant Select (All)
sys spatial_index_tessellations public dbo Grant Select (All)
sys spatial_indexes public dbo Grant Select (All)
sys sql_dependencies public dbo Grant Select (All)
sys sql_modules public dbo Grant Select (All)
sys stats public dbo Grant Select (All)
sys stats_columns public dbo Grant Select (All)
sys symmetric_keys public dbo Grant Select (All)
sys synonyms public dbo Grant Select (All)
sys syscolumns public dbo Grant Select (All)
sys syscomments public dbo Grant Select (All)
sys sysconstraints public dbo Grant Select (All)
sys sysdepends public dbo Grant Select (All)
sys sysfilegroups public dbo Grant Select (All)
sys sysfiles public dbo Grant Select (All)
sys sysforeignkeys public dbo Grant Select (All)
sys sysfulltextcatalogs public dbo Grant Select (All)
sys sysindexes public dbo Grant Select (All)
sys sysindexkeys public dbo Grant Select (All)
sys sysmembers public dbo Grant Select (All)
sys sysobjects public dbo Grant Select (All)
sys syspermissions public dbo Grant Select (All)
sys sysprotects public dbo Grant Select (All)
sys sysreferences public dbo Grant Select (All)
sys system_columns public dbo Grant Select (All)
sys system_objects public dbo Grant Select (All)
sys system_parameters public dbo Grant Select (All)
sys system_sql_modules public dbo Grant Select (All)
sys system_views public dbo Grant Select (All)
sys systypes public dbo Grant Select (All)
sys sysusers public dbo Grant Select (All)
sys table_types public dbo Grant Select (All)
sys tables public dbo Grant Select (All)
sys transmission_queue public dbo Grant Select (All)
sys trigger_events public dbo Grant Select (All)
sys triggers public dbo Grant Select (All)
sys type_assembly_usages public dbo Grant Select (All)
sys types public dbo Grant Select (All)
sys views public dbo Grant Select (All)
sys xml_indexes public dbo Grant Select (All)
sys xml_schema_attributes public dbo Grant Select (All)
sys xml_schema_collections public dbo Grant Select (All)
sys xml_schema_component_placements public dbo Grant Select (All)
sys xml_schema_components public dbo Grant Select (All)
sys xml_schema_elements public dbo Grant Select (All)
sys xml_schema_facets public dbo Grant Select (All)
sys xml_schema_model_groups public dbo Grant Select (All)
sys xml_schema_namespaces public dbo Grant Select (All)
sys xml_schema_types public dbo Grant Select (All)
sys xml_schema_wildcard_namespaces public dbo Grant Select (All)
sys xml_schema_wildcards public dbo Grant Select (All)
. . User5 dbo Grant CONNECT .
. . User4 dbo Grant CONNECT .
. . dbo dbo Grant CONNECT .
. . NUTS\Ketil dbo Grant ALTER ANY USER .
. . NUTS\Ketil dbo Grant CONNECT .
. . NUTS\Ketil dbo Grant Delete .
. . NUTS\Ketil dbo Grant Insert .
. . NUTS\Ketil dbo Grant Select .
. . NUTS\Ketil dbo Grant Update .
. . User0 dbo Grant CONNECT .
. . User1 dbo Grant CONNECT .
. . User2 dbo Grant CONNECT .