Re: SQL Server Security: NT Groups

From: "Johan"
Date: Fri, 31 May 2002 14:27:05 -0700


I found the problem. My NT group was a local group instead
of a global group.

>-----Original Message-----
>That should work. An individual NT account inherits the
>permissions from their group membership.
>So if I'm a member of GroupA and GroupA is granted a login
>and has permissions to access database B then I can login
>SQL Server and access database B.
>Possibly the user you tested with has a deny somewhere?
>will take precedence. A user has all the accumulated
>privileges associated with their individual account, group
>membership, role membership with deny taking precedence.
>If I have a grant and a deny, the deny would be enforced.
>The only exception is if I am a sysadmin.
>On Fri, 31 May 2002 11:03:18 -0700, "Johan"
><> wrote:
>>I'm new to SQL Server security and I don't know if it is
>>possible to do what I'm trying to do. Can you guys with
>>more experience please advise me if it is possible. I'm
>>using NT 4 for the domain and SQL Server 7 and 2000 with
>>mixed authentication mode.
>>This is what I did. I created 2 Roles in SQL Server for
>>the database. The one with standard permissions and the
>>other one with more advanced permissions. The first one
>>will be for a user and the second one for a manager or
>>I also created 2 groups on the NT Server. One group for
>>the users and the other group for the supervisors. My
>>hope was to add the 2 NT groups to SQL Server Logins and
>>then just add the 2 logins to the SQL Server Roles.
>>I login to SQL Server with one of the NT Users I get a
>>"no permission to login" error.
>>If I add each NT user as a Login to SQL Server and then
>>add the SQL Server Login to the SQL Server Role, the
>>program works fine. This means I have to add each new
>>user to SQL Server also. I was hoping to add each new NT
>>user only to the NT Group and that SQL Server
>>automatically uses the correct permissions.
>>Does anyone know if this is possible?
>>Thanks for the help
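
The setup discussed in this thread, written out as T-SQL for SQL Server 7/2000. This is an added example, not part of the original posts; the domain MYDOMAIN, the global groups AppUsers and AppSupervisors, the database AppDb, the roles app_user and app_manager, and the account jsmith are all hypothetical names.

```sql
-- Hypothetical names throughout: MYDOMAIN, AppUsers, AppSupervisors,
-- AppDb, app_user, app_manager, jsmith.

-- 1. Give each NT group (a global group, per the resolution in this thread)
--    a SQL Server login. Members of the group then need no login of their own.
EXEC sp_grantlogin N'MYDOMAIN\AppUsers'
EXEC sp_grantlogin N'MYDOMAIN\AppSupervisors'
GO

USE AppDb
GO

-- 2. Map each group login to a user in the database.
EXEC sp_grantdbaccess N'MYDOMAIN\AppUsers'
EXEC sp_grantdbaccess N'MYDOMAIN\AppSupervisors'

-- 3. Create the two roles and put the groups (not individual users) in them.
EXEC sp_addrole N'app_user'
EXEC sp_addrole N'app_manager'
EXEC sp_addrolemember N'app_user',    N'MYDOMAIN\AppUsers'
EXEC sp_addrolemember N'app_manager', N'MYDOMAIN\AppSupervisors'
GO

-- 4. Check which path gives one NT account its access. With the 'all' option,
--    xp_logininfo returns one row per permission path (the account's own
--    login and every group login it belongs to). No rows means SQL Server
--    does not see the account as a member of any group that has a login.
EXEC master..xp_logininfo N'MYDOMAIN\jsmith', 'all'

-- 5. List the members SQL Server resolves for a group login.
EXEC master..xp_logininfo N'MYDOMAIN\AppUsers', 'members'

-- 6. Look for a deny, which takes precedence over any grant:
--    login-level denies (created with sp_denylogin) ...
SELECT loginname, isntgroup, isntuser
FROM   master..syslogins
WHERE  denylogin = 1

--    ... and permissions recorded for the group's database user; the
--    ProtectType column shows whether each entry is a Grant or a Deny.
EXEC sp_helprotect @username = N'MYDOMAIN\AppUsers'
GO
```

Steps 4 and 5 are the quickest way to tell a group-membership problem from a deny: if the account shows no permission path through the group, no grant to the group will reach it.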
