Security Administration

We are currently embroiled in Sarbanes-Oxley controls, as we are part of a larger organization that requires SOX controls. One of the controls SOX wants is that IT personnel should not be issuing User IDs for applications that fall under SOX. I want to be able to give one of my SUPER users the ability to add / modify /delete users. How can I do this without giving him the ability to see Object Designer and some of the other stuff. I would just want him to be able to run the Tools - Security menu items. I know what tables to give him permission to, but I dont; know how to give him access to that menu. Any help would be greatly appreciated Thanks

Not a problem - You will need to create a new Role - UserAdm (or whatever you like) Then, allow the role for SYSTEM entries (Do a lookup (F6) for which ones) Object Type Object ID Object Name System 5810 Tools, Security, Roles System 5820 Tools, Security, DB Logins System 5821 Tools, Security, Win. Logins System 5830 Tools, Security, Password If you add System 0, you will allow the user to access Objecdt designer

Yes, it can be done. The User should have the ALL Security Role. Also, a new Security Role should be created and assigned to the User, let’s suppose the name will be USER-MANAGER. For USER-MANAGER, the following permission are required (I hope it displays properly after you copy/paste it into a text editor…): Object Type Object ID Object Name Read Insert Modify Delete Execute Table Data 2000000002 User Yes Yes Yes Yes Table Data 2000000003 Member Of Yes Yes Yes Yes Table Data 2000000004 User Role Yes Table Data 2000000005 Permission Yes Table Data 2000000053 Windows Access Control Yes Yes Yes Yes Table Data 2000000054 Windows Login Yes Yes Yes Yes System 5810 Tools, Security, Roles Yes System 5820 Tools, Security, DB Logins Yes System 5821 Tools, Security, Win. Logins Yes This User will be able to: - Create, Update and Remove User (either DB or Win.); - Assign and Remove Permissions to Users; - Read the Security Roles and associated Permission but not make any changes to them. [edit] oops, I guess I took too long formatting the stupid permissions… [xx(] [:D] [:D]

Thank you both very much

No problem - (Ok - I was posting this to see if the rss feed works on my website)