Re: SQL Server Security: NT Groups

From: Johan (putterjs@hotmail.com)
Date: 05/31/02


From: "Johan" <putterjs@hotmail.com>
Date: Fri, 31 May 2002 14:27:05 -0700


Thanks,

I found the problem. My NT group was a local group instead
of a global group.

>-----Original Message-----
>That should work. An individual NT account inherits the
>permissions from their group membership.
>So if I'm a member of GroupA and GroupA is granted a login
>and has permissions to access database B then I can login
to
>SQL Server and access database B.
>Possibly the user you tested with has a deny somewhere?
Deny
>will take precedence. A user has all the accumulated
>privileges associated with their individual account, group
>membership, role membership with deny taking precedence.
So
>if I have a grant and a deny, the deny would be enforced.
>The only exception is if I am a sysadmin.
>
>-Sue
>
>On Fri, 31 May 2002 11:03:18 -0700, "Johan"
><putterjs@hotmail.com> wrote:
>
>>I'm new to SQL Server security and I don't know if it is
>>possible to do what I'm trying to do. Can you guys with
>>more experience please advice me if it is possible. I'm
>>using NT 4 for the domain and SQL Server 7 and 2000 with
>>mix authentication mode.
>>
>>This is what I did. I created 2 Roles in SQL Server for
>>the database. The one with standard permissions and the
>>other one with more advanced permissions. The first one
>>will be for a user and the second one for a manager or
>>supervisor.
>>
>>I also created 2 groups on the NT Server. One group for
>>the users and the other group for the supervisors. My
>>hope was to add the 2 NT groups to SQL Server Logins and
>>then just add the 2 logins to the SQL Server Roles.
When
>>I login to SQL Server with one of the NT Users I gets a,
>>no permission to login error.
>>
>>If I add each NT user as a Login to SQL Server and then
>>add the SQL Server Login to the SQL Server Role, the
>>program works fine. This means I have to add each new
NT
>>user to SQL Server also. I was hoping to add each new NT
>>user only to the NT Group and that SQL Server
>>automatically uses the correct permissions.
>>
>>Do anyone know if this is possible.
>>
>>Thanks for the help
>>
>>Johan
>
>.
>