Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

A user belongs to multiple groups Expand / Collapse
Author
Message
Posted Monday, March 18, 2013 6:35 PM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Yesterday @ 7:30 PM
Points: 53, Visits: 531
Hello,

I'm a bit confused about permissions. If a user, User1, belong to multiple groups, say
ADGroup1 --> SQLGroup2 --> SELECT permission on Table1, Table2 in DB1
ADGroup2 --> SQLGroup3 --> INSERT/UPDATE permission on Table1 and Table3 in DB1
ADGroup3 --> SQLGroup9 --> VIEW Definition to DB3

In this case, what permission the User1 has it? I think all of it since this user is part of those 3 AD groups and these AD groups are member of SQL groups that the permissions have been set.

Is this right or is there something that I missed?

Thanks much!!
Post #1432427
Posted Monday, March 18, 2013 6:52 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 5:51 PM
Points: 6,158, Visits: 7,222
All security in SQL Server is cumulative unless an explicity DENY in one group overrides a setting from another. That includes both internal (SQL) and external (AD) group associations. So you're correct, they'd have every permission listed above, barring another one that's not listed with a DENY to a particular one.


- Craig Farrell

Never stop learning, even if it hurts. Ego bruises are practically mandatory as you learn unless you've never risked enough to make a mistake.

For better assistance in answering your questions | Forum Netiquette
For index/tuning help, follow these directions. |Tally Tables

Twitter: @AnyWayDBA
Post #1432429
Posted Monday, March 18, 2013 8:24 PM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Yesterday @ 7:30 PM
Points: 53, Visits: 531
thanks a lot for clarification.
Post #1432439
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse