What exactly is a trusted connection?

Hi

"paro" wrote:

> On some level I know how to use a trusted connection, but I am not actually
> certain what a trusted connection really is. I can't seem to find a clear
> explanation of what it is. What I mean is, was long as windows authentication
> is configured with sql server 2005, is any valid windows network 'trusted' as
> far as the term is used for sql server connectivity?
>
> I made another query here yesterday titled "SQL Server 2005 Express, how to
> view executable permissions?", if anyone care to respond it'd be very helpful.
>

If you are using a Trusted connection then SQL Server will use Windows
Authentication to validate your access to the SQL server instance. Depending
on how you are connecting you may use the Trusted_Connection or Integrated
Security options in the connection string. It does not mean that you will
have permissions to connect or permissions on any securables (although by
default local administrators will be allocated System Administrator
privileges). These will still need to be granted either directly or indirecty
(e.g through a role or windows security group) to that user.

Check out Windows Authentication Mode in books online for more.

HTH

John

Hi

"paro" wrote:

> On some level I know how to use a trusted connection, but I am not actually
> certain what a trusted connection really is. I can't seem to find a clear
> explanation of what it is. What I mean is, was long as windows authentication
> is configured with sql server 2005, is any valid windows network 'trusted' as
> far as the term is used for sql server connectivity?
>
> I made another query here yesterday titled "SQL Server 2005 Express, how to
> view executable permissions?", if anyone care to respond it'd be very helpful.
>

If you are using a Trusted connection then SQL Server will use Windows
Authentication to validate your access to the SQL server instance. Depending
on how you are connecting you may use the Trusted_Connection or Integrated
Security options in the connection string. It does not mean that you will
have permissions to connect or permissions on any securables (although by
default local administrators will be allocated System Administrator
privileges). These will still need to be granted either directly or indirecty
(e.g through a role or windows security group) to that user.

Check out Windows Authentication Mode in books online for more.

HTH

John

Hi

"paro" wrote:

> On some level I know how to use a trusted connection, but I am not actually
> certain what a trusted connection really is. I can't seem to find a clear
> explanation of what it is. What I mean is, was long as windows authentication
> is configured with sql server 2005, is any valid windows network 'trusted' as
> far as the term is used for sql server connectivity?
>
> I made another query here yesterday titled "SQL Server 2005 Express, how to
> view executable permissions?", if anyone care to respond it'd be very helpful.
>

If you are using a Trusted connection then SQL Server will use Windows
Authentication to validate your access to the SQL server instance. Depending
on how you are connecting you may use the Trusted_Connection or Integrated
Security options in the connection string. It does not mean that you will
have permissions to connect or permissions on any securables (although by
default local administrators will be allocated System Administrator
privileges). These will still need to be granted either directly or indirecty
(e.g through a role or windows security group) to that user.

Check out Windows Authentication Mode in books online for more.

HTH

John

On 14/02/2007 John Bell wrote:
>Hi
>
>"paro" wrote:
>
>> On some level I know how to use a trusted connection, but I am not actually
>> certain what a trusted connection really is. I can't seem to find a clear
>> explanation of what it is. What I mean is, was long as windows
authentication
>> is configured with sql server 2005, is any valid windows network 'trusted'
as
>> far as the term is used for sql server connectivity?
>>
>> I made another query here yesterday titled "SQL Server 2005 Express, how to
>> view executable permissions?", if anyone care to respond it'd be very
helpful.
>>
>
>If you are using a Trusted connection then SQL Server will use Windows
>Authentication to validate your access to the SQL server instance. Depending
>on how you are connecting you may use the Trusted_Connection or Integrated
>Security options in the connection string. It does not mean that you will
>have permissions to connect or permissions on any securables (although by
>default local administrators will be allocated System Administrator
>privileges). These will still need to be granted either directly or indirecty
>(e.g through a role or windows security group) to that user.
>
>Check out Windows Authentication Mode in books online for more.
>
>HTH
>
>John
>

Thanks John. I am still not clear on the basic issue I was asking about. I
understand (sort of) how to use a trusted connection. What I don't understand
is what comprises a trusted connection. I just cannot find anything that is
less vague that "a trusted connection is a connection that is trusted".

Like in my example, is any valid user login a trusted connection? IE any
member of the users group in windows? Or does trusted connection mean that the
user is a member of one of the SQL Server specific groups? If I create a new
user, they're a member of the users group only to start with. Is that login
trusted?

On 14/02/2007 John Bell wrote:
>Hi
>
>"paro" wrote:
>
>> On some level I know how to use a trusted connection, but I am not actually
>> certain what a trusted connection really is. I can't seem to find a clear
>> explanation of what it is. What I mean is, was long as windows
authentication
>> is configured with sql server 2005, is any valid windows network 'trusted'
as
>> far as the term is used for sql server connectivity?
>>
>> I made another query here yesterday titled "SQL Server 2005 Express, how to
>> view executable permissions?", if anyone care to respond it'd be very
helpful.
>>
>
>If you are using a Trusted connection then SQL Server will use Windows
>Authentication to validate your access to the SQL server instance. Depending
>on how you are connecting you may use the Trusted_Connection or Integrated
>Security options in the connection string. It does not mean that you will
>have permissions to connect or permissions on any securables (although by
>default local administrators will be allocated System Administrator
>privileges). These will still need to be granted either directly or indirecty
>(e.g through a role or windows security group) to that user.
>
>Check out Windows Authentication Mode in books online for more.
>
>HTH
>
>John
>

Thanks John. I am still not clear on the basic issue I was asking about. I
understand (sort of) how to use a trusted connection. What I don't understand
is what comprises a trusted connection. I just cannot find anything that is
less vague that "a trusted connection is a connection that is trusted".

Like in my example, is any valid user login a trusted connection? IE any
member of the users group in windows? Or does trusted connection mean that the
user is a member of one of the SQL Server specific groups? If I create a new
user, they're a member of the users group only to start with. Is that login
trusted?

On 14/02/2007 John Bell wrote:
>Hi
>
>"paro" wrote:
>
>> On some level I know how to use a trusted connection, but I am not actually
>> certain what a trusted connection really is. I can't seem to find a clear
>> explanation of what it is. What I mean is, was long as windows
authentication
>> is configured with sql server 2005, is any valid windows network 'trusted'
as
>> far as the term is used for sql server connectivity?
>>
>> I made another query here yesterday titled "SQL Server 2005 Express, how to
>> view executable permissions?", if anyone care to respond it'd be very
helpful.
>>
>
>If you are using a Trusted connection then SQL Server will use Windows
>Authentication to validate your access to the SQL server instance. Depending
>on how you are connecting you may use the Trusted_Connection or Integrated
>Security options in the connection string. It does not mean that you will
>have permissions to connect or permissions on any securables (although by
>default local administrators will be allocated System Administrator
>privileges). These will still need to be granted either directly or indirecty
>(e.g through a role or windows security group) to that user.
>
>Check out Windows Authentication Mode in books online for more.
>
>HTH
>
>John
>

Thanks John. I am still not clear on the basic issue I was asking about. I
understand (sort of) how to use a trusted connection. What I don't understand
is what comprises a trusted connection. I just cannot find anything that is
less vague that "a trusted connection is a connection that is trusted".

Like in my example, is any valid user login a trusted connection? IE any
member of the users group in windows? Or does trusted connection mean that the
user is a member of one of the SQL Server specific groups? If I create a new
user, they're a member of the users group only to start with. Is that login
trusted?

One explanation of Windows Authentication versus SQL Server Authentication
from the SQL Server 2000 material covers some of what a trusted connection
is:

http://msdn2.microsoft.com/en-us/aa174511(SQL.80).aspx

Trusted connections are only opened by the SQL Server client software (such
as the ADO.NET, OLE DB, or ODBC provider/driver) if you request a Windows
Authentication (used to be called Integrated Security) connection. The SQL
Server client software then opens a specific kind of network connection that
can only be opened by a process that has already successfully logged on to
Windows using a valid Windows login and password. Since those types of
connections are only possible after Windows has validated the login and
password, the Database Engine software does not have to re-validate the
login and password, it can "trust" that authentication was already performed
by Windows. The security ID of the Windows account is passed as part of the
information concerning the connection.

The above just controls whether the you can open a connection to the
database engine (authentication). After you have connected, you can only
perform actions for which the proper permissions have been assigned to
either your login or any user your login has been mapped to. Part of what a
DBA has to do in Windows Authentication environments is define to the
Databae Engine which Windows accounts and groups used as logins map to
different users in each database, and which permissions are granted to each
user or login.

--
Alan Brewer [MSFT]
SQL Server Documentation Team

Download the latest Books Online update:
http://www.microsoft.com/technet/pro...ads/books.mspx

This posting is provided "AS IS" with no warranties, and confers no rights.

One explanation of Windows Authentication versus SQL Server Authentication
from the SQL Server 2000 material covers some of what a trusted connection
is:

http://msdn2.microsoft.com/en-us/aa174511(SQL.80).aspx

Trusted connections are only opened by the SQL Server client software (such
as the ADO.NET, OLE DB, or ODBC provider/driver) if you request a Windows
Authentication (used to be called Integrated Security) connection. The SQL
Server client software then opens a specific kind of network connection that
can only be opened by a process that has already successfully logged on to
Windows using a valid Windows login and password. Since those types of
connections are only possible after Windows has validated the login and
password, the Database Engine software does not have to re-validate the
login and password, it can "trust" that authentication was already performed
by Windows. The security ID of the Windows account is passed as part of the
information concerning the connection.

The above just controls whether the you can open a connection to the
database engine (authentication). After you have connected, you can only
perform actions for which the proper permissions have been assigned to
either your login or any user your login has been mapped to. Part of what a
DBA has to do in Windows Authentication environments is define to the
Databae Engine which Windows accounts and groups used as logins map to
different users in each database, and which permissions are granted to each
user or login.

--
Alan Brewer [MSFT]
SQL Server Documentation Team

Download the latest Books Online update:
http://www.microsoft.com/technet/pro...ads/books.mspx

This posting is provided "AS IS" with no warranties, and confers no rights.

One explanation of Windows Authentication versus SQL Server Authentication
from the SQL Server 2000 material covers some of what a trusted connection
is:

http://msdn2.microsoft.com/en-us/aa174511(SQL.80).aspx

Trusted connections are only opened by the SQL Server client software (such
as the ADO.NET, OLE DB, or ODBC provider/driver) if you request a Windows
Authentication (used to be called Integrated Security) connection. The SQL
Server client software then opens a specific kind of network connection that
can only be opened by a process that has already successfully logged on to
Windows using a valid Windows login and password. Since those types of
connections are only possible after Windows has validated the login and
password, the Database Engine software does not have to re-validate the
login and password, it can "trust" that authentication was already performed
by Windows. The security ID of the Windows account is passed as part of the
information concerning the connection.

The above just controls whether the you can open a connection to the
database engine (authentication). After you have connected, you can only
perform actions for which the proper permissions have been assigned to
either your login or any user your login has been mapped to. Part of what a
DBA has to do in Windows Authentication environments is define to the
Databae Engine which Windows accounts and groups used as logins map to
different users in each database, and which permissions are granted to each
user or login.

--
Alan Brewer [MSFT]
SQL Server Documentation Team

Download the latest Books Online update:
http://www.microsoft.com/technet/pro...ads/books.mspx

This posting is provided "AS IS" with no warranties, and confers no rights.