Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Impersonate possible for a security group? Expand / Collapse
Author
Message
Posted Thursday, March 21, 2013 11:10 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Monday, November 4, 2013 11:30 AM
Points: 1, Visits: 3
Hi everyone,

I was thinking of publishing some Table Reports with an online connection to my MSSQL server.
All of that works fine...

Now I was hoping to use my security groups to manage the access to the database.
When trying to use the security group as shown below it does not work - probably because that is only for users - however I was not able to find syntax for a group.

GRANT IMPERSONATE ON USER::[my_domain\gordon] to [my_domain\tableau];

Any advise is much appriciated.

Cheers,
Gordon
Post #1433921
Posted Sunday, April 7, 2013 1:04 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Thursday, June 12, 2014 8:13 AM
Points: 8, Visits: 105
Hi Gordon,

Unfortunately, this is not possible currently in SQL Server. SQL Server (for some reason) cannot read members out of the AD group configured as a login in SQL Server itself (both AD and SQL Server are Microsoft products, right ?).
The impersonation is possible only when the impersonated login exists in sys.server_principals.

Check the similar topic at http://www.sqlservercentral.com/Forums/Topic1434100-1526-2.aspx.

Post #1439657
Posted Sunday, April 7, 2013 1:11 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Thursday, June 12, 2014 8:13 AM
Points: 8, Visits: 105
...just to add that the syntax for the login in fact completes successfully:

use master
go
GRANT IMPERSONATE ON login::[domain\Security Group] TO [domain\User]
go

but then, when launching EXECUTE AS to impersonate an individual login, a member of [domain/Security Group], SQL Server cannot identify it!
Post #1439660
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse