Re: Managing SQL database rights using AD

Hi Uri - Thanks for the pointer. However, it still isn't clear to me what I
need to do.

What I'm really trying to do is manage the database roles through AD.

Ideally I would like to use Windows Authentication to access the SQL server
and then have that same set of Windows credentials automatically define the
user’s rights within the database.

In other words I don’t want to administrate each individual user’s rights at
the database. Instead I want to set up my SQL server to say any member of my
casual-users group can edit table X. Then I would use AD to define what users
are in the casual-users group.

Thanks,
-Anthony


"Uri Dimant" wrote:

Anthony
http://vyaskn.tripod.com/sql_server_security_best_practices.htm --------security
best practices



Also , you may want to look into a database role to manage users rights




"Anthony" <Anthony@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BEDEB701-EF66-4827-8D3A-F79F6C7EA284@xxxxxxxxxxxxxxxx
I’m new to SQL so maybe there is an obvious reference that I have
overlooked
that someone can point me to.

The problem I am trying to solve is managing SQL database rights using AD.

To simplify my problem imagine I have a single SQL server (SQL 2000). I
also
have an app that can be accessed by two different organizations. Within
each
organization I have two sets of users: Casual-users that can see a limited
number of tables and then Power-users that can see all tables for their
organization.

The structure can be conceptualized as something like this in AD:

- MyDomain
- Org1
--- Org1 admins
--- Org1 Power-Users
--- Org1 Casual-Users
- Org2
--- Org2 admins
--- Org2 Power-Users
--- Org2 Casual-Users


I can use AD to set up the structure I need. However, I would like to use
this AD structure to manage the user’s database access rights. Ideally I
could add a new user somewhere in my AD defined Domain and they would
automatically have the correct database rights.

Questions:
- Is the scenario that I am describing possible to implement?
- If so is there a source of information someone can point me at?

Thanks,
-Anthony




.

Relevant Pages

  • Re: Which Method to Create a Database Do I Use?
    ... To be fair, VS is a "generic" tool designed to front a variety of backend databases, but each of the serious engines have rights management needs as well. ... But the more I think about how connecting to a database is setup and the trouble it's been, the more it just pisses me off. ... Hitchhiker's Guide to Visual Studio and SQL Server ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Which Method to Create a Database Do I Use?
    ... when I was working on the team) to get rights management tools integrated ... Hitchhiker's Guide to Visual Studio and SQL Server ... actually be able to connect to the database. ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Which Method to Create a Database Do I Use?
    ... Okay, once the database is built, you have to get rights to access it. ... SSPI and "SQL Server" ... and Hitchhiker's Guide to SQL Server 2005 Compact Edition (EBook) ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Assume SQL Server Rights for apps, any cons?
    ... Since your customer is the sysadmin on his SQL Server box, ... >administrates the underlying SQL Server 2000 database by himself. ... >wants that my software assumes the user rights automatically from the SQL ... >My application offers a GUI to manage customers. ...
    (microsoft.public.dotnet.framework)
  • Re: Newbie: I dont understand user permissions for table access
    ... >My database is remote to my workstation. ... >> HOW are you connecting to SQL Server? ... >> If you are using NT auth, what rights does your NT ... the PUBLIC role? ...
    (microsoft.public.sqlserver.server)