Re: Conflicting AD groups
- From: "Russell Fields" <russellfields@xxxxxxxxxx>
- Date: Mon, 4 May 2009 12:54:24 -0400
Josh,
Within SQL Server rights are additive. This means that the sum of rights granted to all groups (with rights to SQL Server) for a particular login are applied. This sums both GRANT and DENY, with DENY overriding any GRANTs for the same permission.
Here are articles:
http://sqlserverpedia.com/wiki/Object_&_Statement_Permissions
http://technet.microsoft.com/en-us/library/ms174927(SQL.90).aspx
And (off topic) an interesting follow-on about properties (as opposed to permissions) being assigned to groups.
http://blogs.msdn.com/lcris/archive/2008/08/22/sql-server-windows-groups-default-schemas-and-other-properties.aspx
RLF
"JRStern" <JRStern@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:414E90D7-22E1-41E0-BCB2-8886DF7D953F@xxxxxxxxxxxxxxxx
I'm not a security guy, don't know if this is a simple or complex question,
but it seems it would be common.
We're setting up a new environment where most SQL Server security will be by
the Active Directory group membership a Windows login has. If a login is in
several groups with different levels of privileges, how is this resolved?
Point to a KB article would be fine.
Thanks.
Josh
.
- Follow-Ups:
- Re: Conflicting AD groups
- From: JRStern
- Re: Conflicting AD groups
- References:
- Conflicting AD groups
- From: JRStern
- Conflicting AD groups
- Prev by Date: Re: Conflicting AD groups
- Next by Date: Re: Conflicting AD groups
- Previous by thread: Re: Conflicting AD groups
- Next by thread: Re: Conflicting AD groups
- Index(es):
Relevant Pages
|
