Authenticating connections to SQL Server

All users connect to an iBase SQL Server database using the same SQL Server login identifier (ID) and password, which is saved as part of the database properties.

The SQL Server login is used:

  • when any iBase user logs on to a security file and opens the database

  • when any iBase administrator upsizes a database from Access to SQL Server format, creates a new database or uses the Database Configuration utility

The identity of the user attempting to connect is authenticated by using one of the following mechanisms (as defined as part of the SQL Server login):

  • SQL Server authentication

  • Windows authentication, sometimes called integrated security, where SQL Server accepts the fact that a user has logged on to a Windows domain as sufficient permission to connect to the server. (This is a more secure method than SQL Server authentication because it uses the Kerberos authentication protocol.)

You can also inspect the server and login names in the Database Properties dialog in iBase Designer.

Before you can create or upsize a database, the SQL Server login name and password must be configured in Microsoft SQL Server, for example by your SQL Server administrator. As a minimum, the login must have the dbcreator server role.

Creating databases

After creating an iBase SQL Server database, the SQL Server login and password are stored, encrypted, in the connection file (.idb file).

It is your choice whether all iBase administrators who create databases use the same SQL Server login and password, or whether each iBase administrator has an individual login. Individual logins make it easier for the SQL Server administrator to trace the owner of a database on the server, so you might prefer this option if several users are likely to create databases.

Changing the SQL Server login after database creation

Because the SQL Server login is used when any user logs on to a security file and opens the database, you might prefer to change the login after you create the database to an SQL Server login with a lower level of permissions or to use Windows authentication instead.

You can do this using the Database Configuration utility. This is a much safer method than changing settings while a database is open, using the Database Properties dialog.

If you choose to change the login that is used to a less powerful one suitable for use by iBase users, you must to ask your SQL Server administrator to grant iBase users permissions on the new database.

Note: You could add this login, which should be mapped to a Windows user group, to the model database. This ensures that members of this group are automatically given database access rights to any database created in iBase.