Problem with MACHINENAME\ASPNET user
ayacenda
Posts: 4
I am using SQL Packager to package a database as a .NET executable. Among the users in the database are a MACHINENAME\ASPNET user and a MACHINENAME\IUSR_MACHINENAME user. I quickly realized that these users can not be moved to another machine. I get a “Windows NT user or group MACHINENAME \ASPNET not found.†message because the target machine has a different name. I am ok with that. I can see where that would be pretty tricky to move users that are associated with a Windows account.
I thought the solution would be to explicitly exclude these users in the ‘Choose the database objects whose schema will be packaged’ dialog and then add them to the target database after executing the package. But that does not work. I get the same ‘user or group not found’ error because the package still wants to add the users – apparently because they have role memberships.
I am able to get the package to run by also checking the "Ignore users' permissions and role memberships†option in the SQL Packager Options Dialog. That is a bad solution because permissions for other users are lost and have to be added manually.
Two questions:
1. Am I missing something?
2. Shouldn’t deselecting a user in the “Choose the database objects…†dialog cause the user and related roles and permissions to be deselected?
I thought the solution would be to explicitly exclude these users in the ‘Choose the database objects whose schema will be packaged’ dialog and then add them to the target database after executing the package. But that does not work. I get the same ‘user or group not found’ error because the package still wants to add the users – apparently because they have role memberships.
I am able to get the package to run by also checking the "Ignore users' permissions and role memberships†option in the SQL Packager Options Dialog. That is a bad solution because permissions for other users are lost and have to be added manually.
Two questions:
1. Am I missing something?
2. Shouldn’t deselecting a user in the “Choose the database objects…†dialog cause the user and related roles and permissions to be deselected?
Tony Yacenda
MeetingBridge
MeetingBridge
Comments
Your options are to simply exclude all user and role objects from the database and use the SQL Options to ignore all permissions. If the ASPNET user has no explicit permissions in the database, you can try tracking down the role memberships for ASPNET and remove them as well as the ASPNET user.
I'm sorry that this is causing such a big headache for everybody.
Basically, SQL Packager can not package permissions and role memberships for any user if one or more of the users is set up with Windows authorization. I would think that the vast majority of production databases use Windows authorization for at least one user.
Is Red-Gate going to do something to address this problem?
I would be satisfied if it completely ignored a user that it is deselected in the 'Choose the database objects whose schema will be packaged' dialog. So, when I deselect the user MACHINENAME\ASPNET I would expect its permissions and roles to be deselected too.
That seems like it would be a simple change that would correct a very big problem. Do you have anything like that on the drawing board?
MeetingBridge
Absolutely. A lot of people would like to see this fixed.
Do you have any idea on the timing of a fix?
MeetingBridge