How to access a SQL Server database using another user with permissions in the same intranet
While I'm waiting for my user to get access permissions, I'm stuck using a colleague's, and whenever I try to run basic SQL queries I have to switch from my Windows user to hers.
Hopefully this is clear enough: I want to access a SQL Server for which another user on the same intranet has permissions while I only have her credentials, and that the server utilizes Integrated Security.
sql-server connectivity
add a comment |
While I'm waiting for my user to get access permissions, I'm stuck using a colleague's, and whenever I try to run basic SQL queries I have to switch from my Windows user to hers.
Hopefully this is clear enough: I want to access a SQL Server for which another user on the same intranet has permissions while I only have her credentials, and that the server utilizes Integrated Security.
sql-server connectivity
2
Just an opinion: If you have her credentials, then you have some serious security issues at the company you are working for other than unable to start SSMS with a different account or having to wait for the permission to access a database.
– hot2use
Nov 14 '18 at 12:02
2
If the SQL authentication is turned off and you need integrated windows authentication then indeed you can only switch the client windows user or use „Run As“ (and you and she are most likely violating company policy by sharing an account)
– eckes
Nov 14 '18 at 12:09
2
@hot2use there are too many other issues to rant about, as expected from a company maintaining legacy systems.
– Outman
Nov 14 '18 at 12:36
add a comment |
While I'm waiting for my user to get access permissions, I'm stuck using a colleague's, and whenever I try to run basic SQL queries I have to switch from my Windows user to hers.
Hopefully this is clear enough: I want to access a SQL Server for which another user on the same intranet has permissions while I only have her credentials, and that the server utilizes Integrated Security.
sql-server connectivity
While I'm waiting for my user to get access permissions, I'm stuck using a colleague's, and whenever I try to run basic SQL queries I have to switch from my Windows user to hers.
Hopefully this is clear enough: I want to access a SQL Server for which another user on the same intranet has permissions while I only have her credentials, and that the server utilizes Integrated Security.
sql-server connectivity
sql-server connectivity
edited Dec 5 '18 at 7:26
Outman
asked Nov 14 '18 at 8:43
OutmanOutman
1738
1738
2
Just an opinion: If you have her credentials, then you have some serious security issues at the company you are working for other than unable to start SSMS with a different account or having to wait for the permission to access a database.
– hot2use
Nov 14 '18 at 12:02
2
If the SQL authentication is turned off and you need integrated windows authentication then indeed you can only switch the client windows user or use „Run As“ (and you and she are most likely violating company policy by sharing an account)
– eckes
Nov 14 '18 at 12:09
2
@hot2use there are too many other issues to rant about, as expected from a company maintaining legacy systems.
– Outman
Nov 14 '18 at 12:36
add a comment |
2
Just an opinion: If you have her credentials, then you have some serious security issues at the company you are working for other than unable to start SSMS with a different account or having to wait for the permission to access a database.
– hot2use
Nov 14 '18 at 12:02
2
If the SQL authentication is turned off and you need integrated windows authentication then indeed you can only switch the client windows user or use „Run As“ (and you and she are most likely violating company policy by sharing an account)
– eckes
Nov 14 '18 at 12:09
2
@hot2use there are too many other issues to rant about, as expected from a company maintaining legacy systems.
– Outman
Nov 14 '18 at 12:36
2
2
Just an opinion: If you have her credentials, then you have some serious security issues at the company you are working for other than unable to start SSMS with a different account or having to wait for the permission to access a database.
– hot2use
Nov 14 '18 at 12:02
Just an opinion: If you have her credentials, then you have some serious security issues at the company you are working for other than unable to start SSMS with a different account or having to wait for the permission to access a database.
– hot2use
Nov 14 '18 at 12:02
2
2
If the SQL authentication is turned off and you need integrated windows authentication then indeed you can only switch the client windows user or use „Run As“ (and you and she are most likely violating company policy by sharing an account)
– eckes
Nov 14 '18 at 12:09
If the SQL authentication is turned off and you need integrated windows authentication then indeed you can only switch the client windows user or use „Run As“ (and you and she are most likely violating company policy by sharing an account)
– eckes
Nov 14 '18 at 12:09
2
2
@hot2use there are too many other issues to rant about, as expected from a company maintaining legacy systems.
– Outman
Nov 14 '18 at 12:36
@hot2use there are too many other issues to rant about, as expected from a company maintaining legacy systems.
– Outman
Nov 14 '18 at 12:36
add a comment |
2 Answers
2
active
oldest
votes
You can open SSMS as her Windows user account by doing either of the following:
Right click the SSMS shortcut while holding the SHIFT key. Click on Open as another user and enter the other users credentials.
Create a shortcut in the following format:
C:WindowsSystem32runas.exe /savecred /user:DOMAINUSERNAME
"C:Program Files (x86)Microsoft SQL
Server140ToolsBinnManagementStudioSsms.exe"
You'll need to replace the path to SSMS.exe with your version.
Once you open the shortcut and enter the password for the account, you can then simply double click the shortcut in the future as it will store your credentials for later use.
Thanks a whole lot! I wasn't aware of therunas
command, this is going to be much more helpful in the future than just fixing this problem.
– Outman
Nov 14 '18 at 11:19
add a comment |
There are valid times to runas
an application as a domain account other than your own. Based on the OP wording though, this is not one of them. It may be outside the scope of this site, but before using the accepted answer as a workaround to perform your work responsibilities, you need to get approval in writing from your manager, your coworker, her manager - and have at least notified whoever has authority over security policy for your company. Don’t bother defining what the actions you should be taking are, now that you’re impersonating another user - you are approved to perform every action she is approved to perform.
1
I really appreciate your concern, but I've already gotten permission to temporarily use her account. As to why my question is outside the scope of this site; I used a real world example for the sole purpose of giving more context since abstracting my question would've been a little bit more confusing. But again, much obliged.
– Outman
Nov 14 '18 at 12:56
1
@Outman application impersonation isn’t necessarily outside the scope of this site. Rather my answer on behavioral implementation of security policy may not be strictly on-topic. If you have all the approvals (in writing, that bit is important) mentioned above, then full steam ahead - as long as you understand that this approach is an anti-pattern at best and a risk to you personally at worst.
– Peter Vandivier
Nov 14 '18 at 13:00
Just to add to this answer - which I agree with but don't think it necessarily answers the question posited - I only use this as we are a multi-domain site and I often need to open 4-5 SSMS sessions as different domain accounts, all of which are owned by me.
– George.Palacios
Dec 5 '18 at 12:03
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "182"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f222501%2fhow-to-access-a-sql-server-database-using-another-user-with-permissions-in-the-s%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
You can open SSMS as her Windows user account by doing either of the following:
Right click the SSMS shortcut while holding the SHIFT key. Click on Open as another user and enter the other users credentials.
Create a shortcut in the following format:
C:WindowsSystem32runas.exe /savecred /user:DOMAINUSERNAME
"C:Program Files (x86)Microsoft SQL
Server140ToolsBinnManagementStudioSsms.exe"
You'll need to replace the path to SSMS.exe with your version.
Once you open the shortcut and enter the password for the account, you can then simply double click the shortcut in the future as it will store your credentials for later use.
Thanks a whole lot! I wasn't aware of therunas
command, this is going to be much more helpful in the future than just fixing this problem.
– Outman
Nov 14 '18 at 11:19
add a comment |
You can open SSMS as her Windows user account by doing either of the following:
Right click the SSMS shortcut while holding the SHIFT key. Click on Open as another user and enter the other users credentials.
Create a shortcut in the following format:
C:WindowsSystem32runas.exe /savecred /user:DOMAINUSERNAME
"C:Program Files (x86)Microsoft SQL
Server140ToolsBinnManagementStudioSsms.exe"
You'll need to replace the path to SSMS.exe with your version.
Once you open the shortcut and enter the password for the account, you can then simply double click the shortcut in the future as it will store your credentials for later use.
Thanks a whole lot! I wasn't aware of therunas
command, this is going to be much more helpful in the future than just fixing this problem.
– Outman
Nov 14 '18 at 11:19
add a comment |
You can open SSMS as her Windows user account by doing either of the following:
Right click the SSMS shortcut while holding the SHIFT key. Click on Open as another user and enter the other users credentials.
Create a shortcut in the following format:
C:WindowsSystem32runas.exe /savecred /user:DOMAINUSERNAME
"C:Program Files (x86)Microsoft SQL
Server140ToolsBinnManagementStudioSsms.exe"
You'll need to replace the path to SSMS.exe with your version.
Once you open the shortcut and enter the password for the account, you can then simply double click the shortcut in the future as it will store your credentials for later use.
You can open SSMS as her Windows user account by doing either of the following:
Right click the SSMS shortcut while holding the SHIFT key. Click on Open as another user and enter the other users credentials.
Create a shortcut in the following format:
C:WindowsSystem32runas.exe /savecred /user:DOMAINUSERNAME
"C:Program Files (x86)Microsoft SQL
Server140ToolsBinnManagementStudioSsms.exe"
You'll need to replace the path to SSMS.exe with your version.
Once you open the shortcut and enter the password for the account, you can then simply double click the shortcut in the future as it will store your credentials for later use.
edited Nov 14 '18 at 11:40
answered Nov 14 '18 at 8:48
George.PalaciosGeorge.Palacios
2,253824
2,253824
Thanks a whole lot! I wasn't aware of therunas
command, this is going to be much more helpful in the future than just fixing this problem.
– Outman
Nov 14 '18 at 11:19
add a comment |
Thanks a whole lot! I wasn't aware of therunas
command, this is going to be much more helpful in the future than just fixing this problem.
– Outman
Nov 14 '18 at 11:19
Thanks a whole lot! I wasn't aware of the
runas
command, this is going to be much more helpful in the future than just fixing this problem.– Outman
Nov 14 '18 at 11:19
Thanks a whole lot! I wasn't aware of the
runas
command, this is going to be much more helpful in the future than just fixing this problem.– Outman
Nov 14 '18 at 11:19
add a comment |
There are valid times to runas
an application as a domain account other than your own. Based on the OP wording though, this is not one of them. It may be outside the scope of this site, but before using the accepted answer as a workaround to perform your work responsibilities, you need to get approval in writing from your manager, your coworker, her manager - and have at least notified whoever has authority over security policy for your company. Don’t bother defining what the actions you should be taking are, now that you’re impersonating another user - you are approved to perform every action she is approved to perform.
1
I really appreciate your concern, but I've already gotten permission to temporarily use her account. As to why my question is outside the scope of this site; I used a real world example for the sole purpose of giving more context since abstracting my question would've been a little bit more confusing. But again, much obliged.
– Outman
Nov 14 '18 at 12:56
1
@Outman application impersonation isn’t necessarily outside the scope of this site. Rather my answer on behavioral implementation of security policy may not be strictly on-topic. If you have all the approvals (in writing, that bit is important) mentioned above, then full steam ahead - as long as you understand that this approach is an anti-pattern at best and a risk to you personally at worst.
– Peter Vandivier
Nov 14 '18 at 13:00
Just to add to this answer - which I agree with but don't think it necessarily answers the question posited - I only use this as we are a multi-domain site and I often need to open 4-5 SSMS sessions as different domain accounts, all of which are owned by me.
– George.Palacios
Dec 5 '18 at 12:03
add a comment |
There are valid times to runas
an application as a domain account other than your own. Based on the OP wording though, this is not one of them. It may be outside the scope of this site, but before using the accepted answer as a workaround to perform your work responsibilities, you need to get approval in writing from your manager, your coworker, her manager - and have at least notified whoever has authority over security policy for your company. Don’t bother defining what the actions you should be taking are, now that you’re impersonating another user - you are approved to perform every action she is approved to perform.
1
I really appreciate your concern, but I've already gotten permission to temporarily use her account. As to why my question is outside the scope of this site; I used a real world example for the sole purpose of giving more context since abstracting my question would've been a little bit more confusing. But again, much obliged.
– Outman
Nov 14 '18 at 12:56
1
@Outman application impersonation isn’t necessarily outside the scope of this site. Rather my answer on behavioral implementation of security policy may not be strictly on-topic. If you have all the approvals (in writing, that bit is important) mentioned above, then full steam ahead - as long as you understand that this approach is an anti-pattern at best and a risk to you personally at worst.
– Peter Vandivier
Nov 14 '18 at 13:00
Just to add to this answer - which I agree with but don't think it necessarily answers the question posited - I only use this as we are a multi-domain site and I often need to open 4-5 SSMS sessions as different domain accounts, all of which are owned by me.
– George.Palacios
Dec 5 '18 at 12:03
add a comment |
There are valid times to runas
an application as a domain account other than your own. Based on the OP wording though, this is not one of them. It may be outside the scope of this site, but before using the accepted answer as a workaround to perform your work responsibilities, you need to get approval in writing from your manager, your coworker, her manager - and have at least notified whoever has authority over security policy for your company. Don’t bother defining what the actions you should be taking are, now that you’re impersonating another user - you are approved to perform every action she is approved to perform.
There are valid times to runas
an application as a domain account other than your own. Based on the OP wording though, this is not one of them. It may be outside the scope of this site, but before using the accepted answer as a workaround to perform your work responsibilities, you need to get approval in writing from your manager, your coworker, her manager - and have at least notified whoever has authority over security policy for your company. Don’t bother defining what the actions you should be taking are, now that you’re impersonating another user - you are approved to perform every action she is approved to perform.
answered Nov 14 '18 at 12:44
Peter VandivierPeter Vandivier
1,0921722
1,0921722
1
I really appreciate your concern, but I've already gotten permission to temporarily use her account. As to why my question is outside the scope of this site; I used a real world example for the sole purpose of giving more context since abstracting my question would've been a little bit more confusing. But again, much obliged.
– Outman
Nov 14 '18 at 12:56
1
@Outman application impersonation isn’t necessarily outside the scope of this site. Rather my answer on behavioral implementation of security policy may not be strictly on-topic. If you have all the approvals (in writing, that bit is important) mentioned above, then full steam ahead - as long as you understand that this approach is an anti-pattern at best and a risk to you personally at worst.
– Peter Vandivier
Nov 14 '18 at 13:00
Just to add to this answer - which I agree with but don't think it necessarily answers the question posited - I only use this as we are a multi-domain site and I often need to open 4-5 SSMS sessions as different domain accounts, all of which are owned by me.
– George.Palacios
Dec 5 '18 at 12:03
add a comment |
1
I really appreciate your concern, but I've already gotten permission to temporarily use her account. As to why my question is outside the scope of this site; I used a real world example for the sole purpose of giving more context since abstracting my question would've been a little bit more confusing. But again, much obliged.
– Outman
Nov 14 '18 at 12:56
1
@Outman application impersonation isn’t necessarily outside the scope of this site. Rather my answer on behavioral implementation of security policy may not be strictly on-topic. If you have all the approvals (in writing, that bit is important) mentioned above, then full steam ahead - as long as you understand that this approach is an anti-pattern at best and a risk to you personally at worst.
– Peter Vandivier
Nov 14 '18 at 13:00
Just to add to this answer - which I agree with but don't think it necessarily answers the question posited - I only use this as we are a multi-domain site and I often need to open 4-5 SSMS sessions as different domain accounts, all of which are owned by me.
– George.Palacios
Dec 5 '18 at 12:03
1
1
I really appreciate your concern, but I've already gotten permission to temporarily use her account. As to why my question is outside the scope of this site; I used a real world example for the sole purpose of giving more context since abstracting my question would've been a little bit more confusing. But again, much obliged.
– Outman
Nov 14 '18 at 12:56
I really appreciate your concern, but I've already gotten permission to temporarily use her account. As to why my question is outside the scope of this site; I used a real world example for the sole purpose of giving more context since abstracting my question would've been a little bit more confusing. But again, much obliged.
– Outman
Nov 14 '18 at 12:56
1
1
@Outman application impersonation isn’t necessarily outside the scope of this site. Rather my answer on behavioral implementation of security policy may not be strictly on-topic. If you have all the approvals (in writing, that bit is important) mentioned above, then full steam ahead - as long as you understand that this approach is an anti-pattern at best and a risk to you personally at worst.
– Peter Vandivier
Nov 14 '18 at 13:00
@Outman application impersonation isn’t necessarily outside the scope of this site. Rather my answer on behavioral implementation of security policy may not be strictly on-topic. If you have all the approvals (in writing, that bit is important) mentioned above, then full steam ahead - as long as you understand that this approach is an anti-pattern at best and a risk to you personally at worst.
– Peter Vandivier
Nov 14 '18 at 13:00
Just to add to this answer - which I agree with but don't think it necessarily answers the question posited - I only use this as we are a multi-domain site and I often need to open 4-5 SSMS sessions as different domain accounts, all of which are owned by me.
– George.Palacios
Dec 5 '18 at 12:03
Just to add to this answer - which I agree with but don't think it necessarily answers the question posited - I only use this as we are a multi-domain site and I often need to open 4-5 SSMS sessions as different domain accounts, all of which are owned by me.
– George.Palacios
Dec 5 '18 at 12:03
add a comment |
Thanks for contributing an answer to Database Administrators Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f222501%2fhow-to-access-a-sql-server-database-using-another-user-with-permissions-in-the-s%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
Just an opinion: If you have her credentials, then you have some serious security issues at the company you are working for other than unable to start SSMS with a different account or having to wait for the permission to access a database.
– hot2use
Nov 14 '18 at 12:02
2
If the SQL authentication is turned off and you need integrated windows authentication then indeed you can only switch the client windows user or use „Run As“ (and you and she are most likely violating company policy by sharing an account)
– eckes
Nov 14 '18 at 12:09
2
@hot2use there are too many other issues to rant about, as expected from a company maintaining legacy systems.
– Outman
Nov 14 '18 at 12:36