Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

permission to windowsgroup Expand / Collapse
Author
Message
Posted Saturday, March 16, 2013 6:13 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Thursday, April 03, 2014 1:30 AM
Points: 113, Visits: 207
I have created 3 users in windows which are part of windows group named
wingrp1. I created a login in sql from this wingrp1 i.e myserver\wingrp1.
now if i give permission to this group it applies to all 3 windows users.but what I want is that a separate permission should be granted to this user in sql.
Is it possible?so when they login they access different objects.
Is there a way to grant different permission to users in a windows group in sql2008.
Thanks in advance.
Post #1431884
Posted Saturday, March 16, 2013 2:11 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: 2 days ago @ 9:25 AM
Points: 7,070, Visits: 12,523
but what I want is that a separate permission should be granted to this user in sql.
Is it possible?so when they login they access different objects.

Yes. Drop the SQL Server Login you created based on Windows Group myserver\wingrp1 and add individual SQL Server Logins for each Windows User, e.g. myserver\winusr1, myserver\winusr2 and myserver\winusr3. With this approach each SQL Server Login can have a separate set of permissions in the database instance.


__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato

Believe you can and you're halfway there. --Theodore Roosevelt

Everything Should Be Made as Simple as Possible, But Not Simpler --Albert Einstein

The significant problems we face cannot be solved at the same level of thinking we were at when we created them. --Albert Einstein

1 apple is not exactly 1/8 of 8 apples. Because there are no absolutely identical apples. --Giordy
Post #1431942
Posted Wednesday, March 20, 2013 3:44 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Monday, April 14, 2014 8:19 AM
Points: 306, Visits: 461
I would create a new Active Directory group and move that user into it. The reason, based on our environment here, is that we get alot of requests to create users with the same rights and permissions as another user. Simply adding those users to an existing group simplifies management enormously.

The disadvantage of using single-user logins as opposed to group-based logins is that you then have to touch each individuals account in order to make a simple change. The centralised management of users for a single purpose is something that I believe is greatly underestimated.

In situations where one user has membership in several groups (a very possible scenario), the permissions are grouped together in all situations except where an explicit DENY has been issued. Try it.....I think you will be pleasntly surprised!
Post #1433093
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse