Sql-server – ODBC connection for Active Directory user who doesn’t log in to Windows

active-directoryauthenticationsql server

Do you think it is possible to create a SQL Server ODBC Connection for an Active Directory user who doesn't log in to Windows.

Ideally this type of users will be used in a batch process. So, another person logs in and creates a batch process and runs it with another user.

Note: I don't want to enable SQL Server authentication. Instead would like to use Active Directory.

Best Answer

Although you cannot login to SQL Server unless you use either a SQL Server Login or a Windows Account with permissions to connect to the SQL Server, you could create a low-permission user that can EXEC certain stored procedures. Those stored procedures could then contain code that switches into the context of another, more highly privileged account.

EXECUTE AS Login = 'DOMAIN\User';
SELECT * FROM sys.databases;
REVERT

Related Solutions

Sql-server – Will SYSTEM_USER return the unique user id for users authenticated by Active Directory

A call to system_user will return the AD user's name in your case. For instance, if you have a user set up as YourDomain\YourUser1:

select system_user

-- this returns "YourDomain\YourUser1"

If YourDomain\YourUser1 is part of a AD group (i.e. YourDomain\YourGroup1), then it would still have the same output as above (returning "YourDomain\YourUser1").

Postgresql – Active Directory to authenticate user access to Postgres DB through ODBC driver. Is this possible

Active Directory has 3 kinds of authentication: NTLM (NT LAN Manager), Kerberos (GSSAPI), and LDAP. Active Directory is essentially a fancy LDAP server with extra authentication mechansims

LDAP is centralized authentication, but not single sign-on. Your password is the same as when you login to your computer, but you need to login to the database again

NTLM is single sign-on, but only works on Windows. PostgreSQL supports it via SSPI

Kerberos is also single sign-on, but works with Windows and UNIX/Linux/Mac too. You login to your computer, get a Kerberos ticket, and Postgres uses this ticket to authenticate you. Postgres needs to be setup as Service Principal in Active Directory

I would say that Kerberos or SSPI is what you want.

Start with https://www.postgresql.org/docs/current/static/auth-methods.html

Best Answer

Related Solutions

Sql-server – Will SYSTEM_USER return the unique user id for users authenticated by Active Directory

Postgresql – Active Directory to authenticate user access to Postgres DB through ODBC driver. Is this possible

Related Question