Home » Microsoft » MB6-886 » What should you do for the application to access that database without requiring a password?
You work as a database developer at vceguide.com. You need to design a SQL Server 2008 database that will only be accessed by an application.
What should you do for the application to access that database without requiring a password?
A. You should create a credential for the application.
B. You should create a login with no password for the application.
C. You should create a proxy object.
D. You should create a database user with no login for the application.
Correct Answer: D
Explanation/Reference:
When you execute CREATE USER <name> WITHOUT LOGIN, you get a user in the database that will NOT have a login associated to it. This is intentional and by design. This is NOT an orphaned user.
When you create a user without a login, there is no path that allows a login to be mapped to that particular user in the database. The only way to "utilize" this particular user in the database is through impersonation. Loginless users were added in SQL Server 2005 as a replacement to application roles. The main reasons behind this were that you did not need to embed a password into an application and you also did not suddenly have multiple people coming into your SQL Server all with the same "login". By utilizing loginless users, the user’s of an application login to the SQL Server using THEIR login credentials (NOT a generic login), so that you can audit activity to a given login. Once they change context to the application database, you can issue an EXECUTE AS command to change their user context thereby giving them the authority they need within the application.