Competition: What’s your favorite Redgate tool? Enter now.

Problem with MACHINENAME\ASPNET user

ayacendaayacenda Posts: 4
edited October 19, 2006 11:17AM in SQL Packager Previous Versions
I am using SQL Packager to package a database as a .NET executable. Among the users in the database are a MACHINENAME\ASPNET user and a MACHINENAME\IUSR_MACHINENAME user. I quickly realized that these users can not be moved to another machine. I get a “Windows NT user or group MACHINENAME \ASPNET not found.” message because the target machine has a different name. I am ok with that. I can see where that would be pretty tricky to move users that are associated with a Windows account.

I thought the solution would be to explicitly exclude these users in the ‘Choose the database objects whose schema will be packaged’ dialog and then add them to the target database after executing the package. But that does not work. I get the same ‘user or group not found’ error because the package still wants to add the users – apparently because they have role memberships.

I am able to get the package to run by also checking the "Ignore users' permissions and role memberships” option in the SQL Packager Options Dialog. That is a bad solution because permissions for other users are lost and have to be added manually.

Two questions:

1. Am I missing something?
2. Shouldn’t deselecting a user in the “Choose the database objects…” dialog cause the user and related roles and permissions to be deselected?
Tony Yacenda
MeetingBridge

Comments

  • Brian DonahueBrian Donahue Posts: 6,590 New member
    Hello Tony,

    Your options are to simply exclude all user and role objects from the database and use the SQL Options to ignore all permissions. If the ASPNET user has no explicit permissions in the database, you can try tracking down the role memberships for ASPNET and remove them as well as the ASPNET user.

    I'm sorry that this is causing such a big headache for everybody.
  • Brian,

    Basically, SQL Packager can not package permissions and role memberships for any user if one or more of the users is set up with Windows authorization. I would think that the vast majority of production databases use Windows authorization for at least one user.

    Is Red-Gate going to do something to address this problem?

    I would be satisfied if it completely ignored a user that it is deselected in the 'Choose the database objects whose schema will be packaged' dialog. So, when I deselect the user MACHINENAME\ASPNET I would expect its permissions and roles to be deselected too.

    That seems like it would be a simple change that would correct a very big problem. Do you have anything like that on the drawing board?
    Tony Yacenda
    MeetingBridge
  • Brian DonahueBrian Donahue Posts: 6,590 New member
    Hello Tony,

    Absolutely. A lot of people would like to see this fixed.
  • Brian,

    Do you have any idea on the timing of a fix?
    Tony Yacenda
    MeetingBridge
  • Brian DonahueBrian Donahue Posts: 6,590 New member
    I'll let someone else answer that...
Sign In or Register to comment.