asked
Create Users in SQL 2000
I was asking me what is better by creating users accounts: Scenario: There are 5 developers, who are from an external company and they need access to the database with they own users. Like you alredy know, we have two posiblities to create them an access to the database, with Windows Autentication or SQL Autentication(mixmode). This 5 developers don't have a domain account, because it cause a cost for our Company. Therefore the used a commonn account to access the database. But right know, for security reasons we prefere to assign each one a new account with they names. I know that microsoft recomends to use the network accounts. But here my doubt, what do you recommend: acquire 5 more CAL licences (for the network accounts), or create for them only 5 sql accounts and don't spend more money. I don't know how long they will stay at the company, because they do a specific job here to improve the software. What do you recommend and why... i have to give an answere and I wanted to say them only the sql accounts, but then I had the doubt to be wrong. What is the worst that can happen if we use only sql authentication. Thanks a lot for your comments and recommendations!
As others have stated, SQL authentication seems to be the only way since getting domain accounts created cost your organization $. Simply create an account for each one and assign them the minimum amount or rights that they need to do the their job. When their task is over, disable the accounts, then later down the road delete the accounts per your security policy.
Use SQL Authentication. There isn't a huge amount different really, except for the ability for windows users to login via a windows user group, and the fact that you don't have to specify the password in the connection string. If this is just for access to a development / test database, then I really can't see a problem with giving them access via SQL Authentication. Certainly not enough problem to go out buying extra licenses.
My suggestion: Windows Authentication The fact that the developers exist outside of your domain, as you stated, your first security concern should be the network access. So if you just give them SQL Server logins they would still be accessing your network with a shared account.
It Is Better To create the login with SQL Server Authentication and give the Desire Right on the Database that are used by them....
