Security and access rights using local and global groups

From: Clifford Heath (no_at_spam.please)
Date: 02/28/05

    Date: Mon, 28 Feb 2005 18:45:57 +1100
    
    

    Sorry for the repost, I found this group (the most appropriate) only
    after posting this in m.p.p.database and c.d.ms-sqlserver.

    We've set up an SQL Server 2000 (build 8.0.761 - I think that's SP3)
    access control scenario like the one described in this article:
    <http://www.microsoft.com/technet/prodtechnol/sql/2000/maintain/sp3sec01.mspx>,
    but can't get it to work in all the cases we have need for.

    Specifically, we have a domain controller with two objects defined:
    * a user (call him Fred)
    * a global group (call it Inventory group)

    and an SQL Server machine in the domain having a local group, call
    it "Data Access Group". The Inventory global group is a member of the
    global Data Access Group. SQL Server allows both logins and rights to
    members of the Data Access Group.

    However, in this scenario, Fred cannot log in. Adding Fred to the
    Data Access Group allows the login, but the transitive membership
    via the Inventory group doesn't allow it. This is definitely *not*
    the behaviour described in the above article.

    On another similar setup, the SQL Server is installed on the Domain
    Controller, and in this case, the access is granted.

    Can anyone help me understand what's going on here, and explain how
    this stuff can be made to work with transitive group memberships?

    Clifford Heath.
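
A way to see how SQL Server itself resolves the memberships described in the post above, as an added example that is not part of the original message. `CORP` (the domain) and `SQLBOX` (the SQL Server machine) are placeholder names; the user and group names follow the post.

```sql
-- Placeholders, not from the post: CORP = domain, SQLBOX = SQL Server machine.

-- Grant the machine-local group a Windows-authenticated login,
-- matching the setup the post describes.
EXEC sp_grantlogin 'SQLBOX\Data Access Group';

-- List the Windows accounts and groups that currently have a login,
-- to confirm the local group is registered under the expected name.
EXEC master..xp_logininfo;

-- Direct members of the local group as SQL Server enumerates them.
-- The Inventory global group should be listed here if the nesting
-- is visible from the SQL Server machine.
EXEC master..xp_logininfo 'SQLBOX\Data Access Group', 'members';

-- Every permission path by which Fred reaches SQL Server.
-- A row whose permission path is the local group means the
-- membership via the Inventory group was resolved.
EXEC master..xp_logininfo 'CORP\Fred', 'all';
```

Running the same three `xp_logininfo` calls on the machine where access works and on the one where it fails gives a direct comparison of the resolved permission paths.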

