Re: User added via group membership
From: Dan Guzman (danguzman_at_nospam-earthlink.net)
Date: 07/22/04
- In reply to: Colleen: "User added via group membership"
Date: Wed, 21 Jul 2004 21:40:26 -0500
> Why would it
> allow the GRANT if it's not a valid login? How would they
> be able to execute the procedure without a valid login?
The user obviously cannot execute the procedure or perform any other SQL
activity until the account has been granted access to SQL Server. However,
SQL Server allows you to set up security for Windows accounts even before
access has been granted. This is possible because, unlike standard SQL
logins, the Windows account SID can be obtained independently of SQL Server.
Now this doesn't necessarily mean that you should do this as a rule. IMHO,
it's better to set up security in correct dependency order (login --> user -->
permissions).
--
Hope this helps.

Dan Guzman
SQL Server MVP

"Colleen" <anonymous@discussions.microsoft.com> wrote in message
news:140901c46f2c$65fa6790$a401280a@phx.gbl...
> I just stumbled upon something I thought was odd.
>
> I created a stored procedure and issued 'GRANT EXECUTE ON
> <procedure> to <domain\windowslogin>. The login did not
> exist on the server but it added a user into the
> database 'via group membership'. The user later tried to
> register the server in Enterprise Manager and of course
> got an error that he didn't have a login. Why would it
> allow the GRANT if it's not a valid login? How would they
> be able to execute the procedure without a valid login?
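The dependency order recommended in the reply, followed by an audit query for the situation described in the question, as an added example that is not part of the original thread. It assumes the catalog views of SQL Server 2005 and later, which postdate this message; the database SalesDb, the account DOMAIN\jsmith and the procedure dbo.usp_GetOrders are hypothetical names.

```sql
-- Added example, not from the original thread.
-- Assumes SQL Server 2005 or later. SalesDb, DOMAIN\jsmith and
-- dbo.usp_GetOrders are hypothetical names.

-- 1. Set up security in dependency order: login --> user --> permissions.
CREATE LOGIN [DOMAIN\jsmith] FROM WINDOWS;      -- server-level access
GO
USE SalesDb;
GO
CREATE USER [DOMAIN\jsmith] FOR LOGIN [DOMAIN\jsmith];   -- database user
GRANT EXECUTE ON OBJECT::dbo.usp_GetOrders TO [DOMAIN\jsmith];
GO

-- 2. Audit the current database for Windows users and groups that hold
--    permissions but have no server login with the same SID, i.e. accounts
--    whose security was set up before (or without) a login of their own.
SELECT
    dp.name              AS database_principal,
    dp.type_desc         AS principal_type,
    perm.state_desc      AS permission_state,   -- GRANT, DENY, ...
    perm.permission_name AS permission_name,    -- EXECUTE, SELECT, ...
    perm.class_desc      AS securable_class,
    CASE WHEN perm.class = 1                    -- 1 = object or column
         THEN OBJECT_NAME(perm.major_id)
    END                  AS object_name
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp
       ON sp.sid = dp.sid                       -- Windows SIDs match across levels
LEFT JOIN sys.database_permissions AS perm
       ON perm.grantee_principal_id = dp.principal_id
WHERE dp.type IN ('U', 'G')                     -- WINDOWS_USER, WINDOWS_GROUP
  AND dp.principal_id <> 1                      -- skip dbo
  AND sp.sid IS NULL                            -- no login of its own
ORDER BY dp.name, perm.permission_name;
```

A row returned by the audit does not by itself mean the account is locked out: a Windows user can still reach the server through a login granted to a Windows group it belongs to, so review group logins before removing anything.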