I am trying to find a way to check if a user belongs to a program
specific role. Previously we had been using:
// Not Exact but I think it can be followed
hr = m_pDmoSrvr->GetTrueLogin(&login);
LPSQLDMOUSER pUser = 0;
hr = m_pDmoDb->GetUserByName(login, &pUser);
hr = pUser->IsMember(exclRole, &b);
But this does not seem to work if the user is a member of an NT Group
that has been added to the exclRole Role. I may not know what Group was
used to assign the Role.
Is there a way to determine whether the connecting user belongs to a
Role? I tried getting a LPSQLDMOLOGIN and using that but it did not
seem to work.
I'd be grateful for any pointers.
OtisIt looks like your checking to see of a login name, or windows username is a
member of a database role. Logins are not members of database roles; databas
e
users are. You want to test to see if the user that their login maps to is a
member of a database role, not if their login is a member of the role.
"OBQuiet" wrote:
> I am trying to find a way to check if a user belongs to a program
> specific role. Previously we had been using:
> // Not Exact but I think it can be followed
> hr = m_pDmoSrvr->GetTrueLogin(&login);
> LPSQLDMOUSER pUser = 0;
> hr = m_pDmoDb->GetUserByName(login, &pUser);
> hr = pUser->IsMember(exclRole, &b);
> But this does not seem to work if the user is a member of an NT Group
> that has been added to the exclRole Role. I may not know what Group was
> used to assign the Role.
> Is there a way to determine whether the connecting user belongs to a
> Role? I tried getting a LPSQLDMOLOGIN and using that but it did not
> seem to work.
> I'd be grateful for any pointers.
> Otis
>|||"examnotes"
<MarkWilliams@.discussions.microsoft.com> wrote in
news:1F9B3D42-70A4-4474-87A6-7579B2AC8E0D@.microsoft.com:
> It looks like your checking to see of a login name, or windows
> username is a member of a database role. Logins are not members of
> database roles; database users are. You want to test to see if the
> user that their login maps to is a member of a database role, not if
> their login is a member of the role.
>
I believe you are correct but I have not been able to trace through the
options of the SQL-DMO objects to figure out how to manage it.
It seemed like the code I posted was getting the user object. But, at that
level, it seems to only check if the object itself is a member. It does not
check that the object(user) is a member of a group that are all members of
a role. That is what I have to figure out how to do.
Otis
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment