Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 


 
     
Recent Posts
   
Popular Topics
Home   
Search
    Members    Calendar    Who's On

Home » SQL Server 2008 » Security (SS2K8) » permission to windowsgroup
Add to briefcase

permission to windowsgroup Expand / Collapse
Rate Topic
Display Mode
Topic Options
Author
Message
sej2008
Posted Saturday, March 16, 2013 6:13 AM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Friday, May 10, 2013 1:00 AM
Points: 76, Visits: 120
I have created 3 users in windows which are part of windows group named
wingrp1. I created a login in sql from this wingrp1 i.e myserver\wingrp1.
now if i give permission to this group it applies to all 3 windows users.but what I want is that a separate permission should be granted to this user in sql.
Is it possible?so when they login they access different objects.
Is there a way to grant different permission to users in a windows group in sql2008.
Thanks in advance.
Post #1431884
opc.three
Posted Saturday, March 16, 2013 2:11 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Yesterday @ 9:55 PM
Points: 6,720, Visits: 11,759
but what I want is that a separate permission should be granted to this user in sql.
Is it possible?so when they login they access different objects.

Yes. Drop the SQL Server Login you created based on Windows Group myserver\wingrp1 and add individual SQL Server Logins for each Windows User, e.g. myserver\winusr1, myserver\winusr2 and myserver\winusr3. With this approach each SQL Server Login can have a separate set of permissions in the database instance.

__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato

Believe you can and you're halfway there. --Theodore Roosevelt

Everything Should Be Made as Simple as Possible, But Not Simpler --Albert Einstein

The significant problems we face cannot be solved at the same level of thinking we were at when we created them. --Albert Einstein

1 apple is not exactly 1/8 of 8 apples. Because there are no absolutely identical apples. --Giordy
Post #1431942
kevaburg
Posted Wednesday, March 20, 2013 3:44 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Yesterday @ 8:00 AM
Points: 159, Visits: 190
I would create a new Active Directory group and move that user into it. The reason, based on our environment here, is that we get alot of requests to create users with the same rights and permissions as another user. Simply adding those users to an existing group simplifies management enormously.

The disadvantage of using single-user logins as opposed to group-based logins is that you then have to touch each individuals account in order to make a simple change. The centralised management of users for a single purpose is something that I believe is greatly underestimated.

In situations where one user has membership in several groups (a very possible scenario), the permissions are grouped together in all situations except where an explicit DENY has been issued. Try it.....I think you will be pleasntly surprised!
Post #1433093
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse

 
 
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved. Privacy Policy. Terms of Use. Report Abuse.