I see where you can set the login_mode database option to standard, integrated but that is for the entire database. Is there a way to manage login_mode at the user level? I'd like to prevent certain database users (mainly those with elevated, DBA-type privileges) from using integrated login, only user id and password. I don't want the users to map the elevated database user account to a Windows account to keep them from logging into our application with the elevated user account. Any experience with this? Or, should I be looking at this a different way? Appreciate the help.
I guess you are using integrated logins for Windows groups, right? So I guess you have to
Volker, thank you. We do not use Windows user groups with integrated login. We map one Windows user account to a db user. ex. grant integrated login to "domain\user.name" as user dbuser1; Problem is we don't have control over the domain and/or active directory. But, this is interesting and an approach we have not considered.
(06 Sep '19, 10:06)
user2359
Well, if you do not map Windows groups but map each individual Windows user, why do you map those undesired Windows users to integrated logins? In my understanding, you could simply drop the mapping for those...
(06 Sep '19, 10:21)
Volker Barth
Well, we have personnel at the remotes and they can do things like map accounts. We could ask them not to do that. That's probably a good place to start.
(06 Sep '19, 10:29)
user2359