Re: SQL Server Security: NT Groups

From: Sue Hoegemeier (Sue_H@nomail.please)
Date: 05/31/02 

From: Sue Hoegemeier <Sue_H@nomail.please>
Date: Fri, 31 May 2002 14:32:44 -0600

That should work. An individual NT account inherits the
permissions from their group membership.
So if I'm a member of GroupA and GroupA is granted a login
and has permissions to access database B then I can login to
SQL Server and access database B.
Possibly the user you tested with has a deny somewhere? Deny
will take precedence. A user has all the accumulated
privileges associated with their individual account, group
membership, role membership with deny taking precedence. So
if I have a grant and a deny, the deny would be enforced.
The only exception is if I am a sysadmin.

-Sue

On Fri, 31 May 2002 11:03:18 -0700, "Johan"
<putterjs@hotmail.com> wrote:

>I'm new to SQL Server security and I don't know if it is
>possible to do what I'm trying to do. Can you guys with
>more experience please advice me if it is possible. I'm
>using NT 4 for the domain and SQL Server 7 and 2000 with
>mix authentication mode.
>
>This is what I did. I created 2 Roles in SQL Server for
>the database. The one with standard permissions and the
>other one with more advanced permissions. The first one
>will be for a user and the second one for a manager or
>supervisor.
>
>I also created 2 groups on the NT Server. One group for
>the users and the other group for the supervisors. My
>hope was to add the 2 NT groups to SQL Server Logins and
>then just add the 2 logins to the SQL Server Roles. When
>I login to SQL Server with one of the NT Users I gets a,
>no permission to login error.
>
>If I add each NT user as a Login to SQL Server and then
>add the SQL Server Login to the SQL Server Role, the
>program works fine. This means I have to add each new NT
>user to SQL Server also. I was hoping to add each new NT
>user only to the NT Group and that SQL Server
>automatically uses the correct permissions.
>
>Do anyone know if this is possible.
>
>Thanks for the help
>
>Johan

Relevant Pages

  • Re: Login with no Fixed Server Role and DB Role can stop SQL Agent Service?
    ... a Window 2000 Login with Domain User default permissions, ... > actually answered the question about the permissions the user has re: ... Forget about SQL Server for the moment. ... >> Enterprise Manager, but he is still able to stop the SQL Agent ...
    (microsoft.public.sqlserver.security)
  • Permissions!
    ... permissions to database objects are concerned. ... I have a SQL Server 7.0 database table which has 6 columns. ... REVOKE or DENY permissions to these 3 users? ... Please note that I login to my Windows 2000 Professional machine using ...
    (microsoft.public.sqlserver.security)
  • Re: SQL Server Security: NT Groups
    ... >permissions from their group membership. ... >So if I'm a member of GroupA and GroupA is granted a login ... >>I'm new to SQL Server security and I don't know if it is ... >>then just add the 2 logins to the SQL Server Roles. ...
    (microsoft.public.sqlserver.security)
  • Re: Security question ..
    ... > If you use NT authentication, a user's permissions to a database are ... Your assertion that a user's permissions are independent of the application ... Even using Access and "exploring" will require an ODBC login to SQL Server. ...
    (microsoft.public.sqlserver.server)
  • Re: Tables Login
    ... I'm using SQL Server. ... through creating all the necessary items for using membership as well as ... login view control of ASP .NET 2005. ... But now I've to install it, ...
    (microsoft.public.dotnet.framework.aspnet)