August 16, 2013 at 2:13 am
Hello,
Following on from a similar post I saw on here earlier (http://www.sqlservercentral.com/Forums/Topic951703-391-1.aspx) I was wondering how people prefer to manage the number of logins on their instances.
Do you simply permit as many logins as are needed, or do you try to restrict that number?
Just wondering.
August 16, 2013 at 2:18 am
In my data warehouses I usually have three logins: an administrator group, a reader group and a writer group. I give permissions to those groups and it is up to active directory to put people in the correct groups.
Need an answer? No, you need a question
My blog at https://sqlkover.com.
MCSE Business Intelligence - Microsoft Data Platform MVP
August 16, 2013 at 3:13 am
Access via AD group indeed a great approach which will reduce you permission managing if you have several servers.
Regards
Durai Nagarajan
August 16, 2013 at 4:32 am
Yeah, I use the same approach as the others, I use AD groups to manage user membership and just apply the appropriate permissions to the AD group. It keeps logins smaller, and allows the service desk to manage group membership.
August 16, 2013 at 4:40 am
To those guys using AD groups, do you find that you have many groups mapped to logins e.g. many logins, or do you end up with only a few logins as a result (perhaps even many groups mapping to a few logins).
August 16, 2013 at 5:03 am
we have a DBA Group, reader group and windows apps user account , do you need anything more than this
Regards
Durai Nagarajan
August 16, 2013 at 8:34 am
durai nagarajan (8/16/2013)
we have a DBA Group, reader group and windows apps user account , do you need anything more than this
We also use various groups for specific database permissions. Certain logins (mapped to AD groups) can only access some databases, others have write permissions, and so on. Over time this can grow to tens or hundreds of logins (more likely tens) and become unwieldily to manage.
I was just wondering if this is normal or of as suggested so far people only have three or four levels of permissions and hence only three or four logins.
August 16, 2013 at 8:39 am
Do you mean to say in production DB user's have write access other that DBA?
Regards
Durai Nagarajan
August 16, 2013 at 8:43 am
Not so 'users' but developers who login from their applications to run DML statements.
August 16, 2013 at 8:58 am
mike.dinnis (8/16/2013)
Not so 'users' but developers who login from their applications to run DML statements.
What do you mean by this - "developers who login from their applications to run DML statements"
Regards
Durai Nagarajan
August 16, 2013 at 11:34 am
mike.dinnis (8/16/2013)
Not so 'users' but developers who login from their applications to run DML statements.
On production? That should be a no-no.
Need an answer? No, you need a question
My blog at https://sqlkover.com.
MCSE Business Intelligence - Microsoft Data Platform MVP
Viewing 11 posts - 1 through 10 (of 10 total)
You must be logged in to reply to this topic. Login to reply