When a Windows user logs in, if they do not have an explicit integrated login mapping, but belong to a Windows user group for which there is an integrated login mapping, the user connects to the database as the database user or group specified in the Windows user group's integrated login mapping.
Creating an integrated login for a Windows user group allows any user that is a member of the group to connect to the database without knowing a user ID or password.
See Prevent Windows user groups members from connecting to a database.
If the Windows user belongs to more than one Windows user group, and more than one Windows user group on the computer has an integrated login mapping in the database, then the integrated login only succeeds if all the Windows user groups on the computer have integrated login mappings to the same database user ID. If multiple Windows user groups have integrated login mappings to different database user IDs, an error is returned and the integrated login fails.
For example, consider a database with two user IDs, dbuserA and dbuserB, and the Windows user windowsuser who belongs to the Windows user groups xpgroupA and xpgroupB.
This SQL statement... | Allows... | ||
---|---|---|---|
|
windowsuser to connect to the database using the integrated login mapping set explicitly for windowsuser. | ||
|
windowsuser to connect to the database using the integrated login mapping granted to xpgroupA. | ||
|
windowsuser to connect to the database because both Windows user groups that windowsuser belongs to have an integrated login mapping to the same database user. | ||
|
No connection to the database. When windowsuser attempts to connect to the database, the integrated login fails because each Windows user group has an integrated login mapping to a different database user and windowsuser is a member of both Windows user groups. |
By default, the computer on which the SQL Anywhere database server is running is used to verify Windows user group membership. If the Domain Controller server is on a different computer than the database server, you can specify the name of the Domain Controller server using the integrated_server_name option. For example:
SET OPTION PUBLIC.integrated_server_name = '\\myserver-1'; |
Discuss this page in DocCommentXchange. Send feedback about this page using email. |
Copyright © 2009, iAnywhere Solutions, Inc. - SQL Anywhere 11.0.1 |