Please be aware that the SAP SQL Anywhere Forum will be shut down on August 29th, 2024 when all it's content will be migrated to the SAP Community.

I see where you can set the login_mode database option to standard, integrated but that is for the entire database. Is there a way to manage login_mode at the user level? I'd like to prevent certain database users(mainly those with elevated, dba type privileges) from using integrated login, only user id and password. I don't want the users to map the elevated database user account to a windows account to keep them from logging into our application with the elevated user account.

Any experience with this? Or, should I be looking at this a different way?

Appreciate the help.

asked 06 Sep '19, 09:21

user2359's gravatar image

accept rate: 100%

I guess you are using integrated logins for Windows groups, right?

So I guess you have to

  • either exclude those users from the according Windows group,

  • or add a second integrated login for a different Windows group to a different database user, and put those undesired users in the second group: When an OS user belongs to multiple groups which have integrated login mappings to different database users, they cannot connect via integrated logins, as documented here...

permanent link

answered 06 Sep '19, 09:33

Volker%20Barth's gravatar image

Volker Barth
accept rate: 34%

converted 06 Sep '19, 09:33

Volker, thank you. We do not use Windows user groups with integrated login. We map one Windows user account to a db user.

ex. grant integrated login to "domain\" as user dbuser1;

Problem is we don't have control over the domain and/or active directory.

But, this is interesting and an approach we have not considered.

(06 Sep '19, 10:06) user2359
Replies hidden

Well, if you do not map Windows groups but map each individual Windows user, why do you map those undesired Windows users to integrated logins? In my understanding, you could simply drop the mapping for those...

(06 Sep '19, 10:21) Volker Barth

Well, we have personnel at the remotes and they can do things like map accounts.

We could ask them not to do that. That's probably a good place to start.

(06 Sep '19, 10:29) user2359
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 06 Sep '19, 09:21

question was seen: 1,516 times

last updated: 06 Sep '19, 10:29