Re: Managing SQL database rights using AD

From: "Uri Dimant" <urid@xxxxxxxxxxx>
Date: Sun, 12 Feb 2006 12:04:00 +0200

Anthony
http://vyaskn.tripod.com/sql_server_security_best_practices.htm --------security
best practices

Also , you may want to look into a database role to manage users rights

"Anthony" <Anthony@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BEDEB701-EF66-4827-8D3A-F79F6C7EA284@xxxxxxxxxxxxxxxx

I?m new to SQL so maybe there is an obvious reference that I have
overlooked
that someone can point me to.

The problem I am trying to solve is managing SQL database rights using AD.

To simplify my problem imagine I have a single SQL server (SQL 2000). I
also
have an app that can be accessed by two different organizations. Within
each
organization I have two sets of users: Casual-users that can see a limited
number of tables and then Power-users that can see all tables for their
organization.

The structure can be conceptualized as something like this in AD:

- MyDomain
- Org1
--- Org1 admins
--- Org1 Power-Users
--- Org1 Casual-Users
- Org2
--- Org2 admins
--- Org2 Power-Users
--- Org2 Casual-Users

I can use AD to set up the structure I need. However, I would like to use
this AD structure to manage the user?s database access rights. Ideally I
could add a new user somewhere in my AD defined Domain and they would
automatically have the correct database rights.

Questions:
- Is the scenario that I am describing possible to implement?
- If so is there a source of information someone can point me at?

Thanks,
-Anthony

Follow-Ups:
- Re: Managing SQL database rights using AD
  - From: Anthony

Prev by Date: Re: Deny access to all users (including Administrator and DomainAdmins) except SA?
Next by Date: Re: Who is using MSMQ?
Previous by thread: Re: Login failed for user 'sa'
Next by thread: Re: Managing SQL database rights using AD
Index(es):
- Date
- Thread

Relevant Pages

Re: Unable to connect to server
... This posting is provided "AS IS" with no warranties, and confers no rights. ... > Cannot open user default database. ... > C:\Program Files\Microsoft SQL ...
(microsoft.public.sqlserver.security)
Re: Which Method to Create a Database Do I Use?
... BTW, I am still completely in the dark as to if I need to download SQL Express Edition because I don't have yet have any software that will allow a database connection to run on my computer, or because you assumed for some reason that I only want to use SQL Express Edition. ... To be fair, VS is a "generic" tool designed to front a variety of backend databases, but each of the serious engines have rights management needs as well. ... Hitchhiker's Guide to Visual Studio and SQL Server ...
(microsoft.public.dotnet.framework.adonet)
Re: Error code = 4060
... divisional portals are running under a different app pool and identity than ... the corporate portal, and the identity of this pool, while having dbo rights ... portal's content database. ...
(microsoft.public.sharepoint.portalserver.development)
Re: db_denydatawriter
... perhaps this also gives read write access on the database to this user? ... Resrictive permissions overrides in its own level. ... However, if she has sysadmin right, then she'll be able to modify that data. ... Is it possible she has some admin rights which override DenyWriter (though ...
(microsoft.public.sqlserver.security)
Re: Complete Neophyte Question(s)
... No you cannot remove a login from the 'public' role. ... For rights to _use_ objects then the appropriate rights need to be granted ... GRANT SELECT ON dbo.Orders TO OrderViewers ... for a database that is supposed to be secured it is a bad idea ...
(microsoft.public.sqlserver.security)