SQL Inventory Manager provides a general overview of the users and roles for SQL Server instances and databases. This overview lists some basic information that allows users to better classify and identify discovered instances. It also provides a useful context when users look at an instance under management.
The Users and Principals dialog provides a general overview of logins, roles, users, and schemas for an instance or for a selected database. The information on this dialog allows users to better classify and identify discovered instances. There are two different views on the Users and Principals dialog, the instance level view and the database level view.
Accessing the Users and Principals view.
There are two ways to access the Users and Principals view.
On the Instance Summary section, click View Instance Principals link, this link opens the Users and Principals dialog showing the instance level view for the currently selected instance.
On the database dialog click View Database Principals, this link opens the Users and Principals dialog showing the database level view for the currently selected database.
On the Instance Summary section, click View Instance Principals link, this link opens the Users and Principals dialog with the instance level view selected.
On the database dialog click View Database Principals, this link opens the Users and Principals dialog with the database level view selected.
Add a link from the Instance Summary section of the Instances view, directly underneath the View Configuration link. This link should open the Users and Principals dialog with the “Instance” level selected.
- Add a header “Security Information” and a link “View Database Principals” from the Database Details dialog as shown in the mockup. This link should open the Users and Principals dialog with the database from which the user is navigating selected.
Instance level view
The Instance Level view contains two sections, Logins and Roles
In the instance level view you can view Logins and Roles
Logins
The Logins tab shows a list of all the logins for a server with the following columns:
Name: The name of the Windows user, Windows group, or SQL user.
Object Type: Windows User, Windows Group, or SQL User.
Member Of: A list of the roles the user is a member of, separated by tabs, and line wrapping.
Connect Permission: Granted or Denied.
Login Status: Enabled or Disabled.
Roles
The Roles tab shows all roles for the server with the following columns:
Name: The name of the role
Members: A list of the logins which are members of this role, comma separated and word wrapping.
This dialog will allow users to view logins, roles, users, and schemas for the entire instance or for a selected database.
The instance name and, if appropriate, the database name will be shown at the upper left.
When viewed at the Instance level
There should be a 2 tab control with the tabs “Logins” and “Roles”
On the “Logins” tab there should be a paginated grid showing all logins for the server with the following columns:
Name - The name of the Windows user, Windows group, or SQL user
Object Type - Windows User, Windows Group, or SQL User
Member Of - A list of the roles the user is a member of, separated by tabs, and line wrapping
Connect Permission - Granted or Denied
Login Status - Enabled or Disabled
The list may be validated in SSMS in the server tree under Instance -> Security -> Logins
For any individual user this data can be validated in SSMS by viewing Login Properties and viewing the data on the General, Server Roles, and Status tabs
This data may also be validated using IDERA SQL Secure
The grid should indicate the total number of logins in the lower left
The list should default to 10 rows per page and use the standard page control for navigation
The grid should follow CCL styling
On the “Roles” tab there should be a paginated grid showing all roles for the server with the following columns:
Name - The name of the role
Members - A list of the logins which are members of this role, comma separated and word wrapping. This may be a long list so the column should be as wide as possible.
The list may be validated in SSMS in the server tree under Instance -> Security -> Roles
Note that user defined roles may be generated and these should be tested for name length and special character support
This data may also be validated using IDERA SQL Secure
The grid should indicate the total number of roles in the lower left
The list should default to 10 rows per page and use the standard page control for navigation
The grid should follow CCL styling
When a database is selected
There should be a 3 tab control with the tabs “Users,” “Roles,” and “Schemas”
The “Schemas” tab should not be displayed for SQL 2000 servers, as that concept was not used in SQL 2000
On the “Users” tab there should be a paginated grid showing all roles for the database with the following columns:
Name
User Type - The user type as shown in SSMS under Instance -> Databases -> {Database Name} -> Security -> Users -> {User} -> General … User Type. Possible values are SQL User with Login, SQL User without Login, User mapped to a certificate, User mapped to an asymmetric key, and Windows User.
Login Name - The login name associated with the user. This value may be blank (or null, which should be displayed as a blank).
Has Access - A non-editable checkbox indicating true or false. This should match the list shown in IDERA SQL Secure under Instance -> Databases -> {Database Name} -> Security -> Users
On the “Roles” tab there should be a paginated grid showing all roles for the database with the following columns:
Name
Object Type - Database Role or Application Role
Owner
On the “Schemas” tab there should be a paginated grid showing all roles for the server with the following columns. This tab should not be present for SQL 2000:
Name
Owner