SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Orphaned users


Orphaned users

Author
Message
Dscheypie
Dscheypie
Old Hand
Old Hand (360 reputation)Old Hand (360 reputation)Old Hand (360 reputation)Old Hand (360 reputation)Old Hand (360 reputation)Old Hand (360 reputation)Old Hand (360 reputation)Old Hand (360 reputation)

Group: General Forum Members
Points: 360 Visits: 271
Comments posted to this topic are about the item Orphaned users

________________________________________________________
If you set out to do something, something else must be done first.
jan.dewettinck
jan.dewettinck
Ten Centuries
Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)

Group: General Forum Members
Points: 1201 Visits: 1343
Nice question.

Under drop the login with DBO rights you mention

DROP LOGIN [Domain\TestSQLDBadmins];
GO

I guess you meant

DROP LOGIN [Domain\TestWindowsDBadmins];
GO

?
sqldoubleg
sqldoubleg
Ten Centuries
Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)

Group: General Forum Members
Points: 1247 Visits: 1363
Nice question, it's a pity I got too engaged with the max level of permission and forgot to tick public and db_datareader...
twin.devil
twin.devil
Hall of Fame
Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)

Group: General Forum Members
Points: 3117 Visits: 2684
good question ... thanks
Todd Reddinger
Todd Reddinger
Ten Centuries
Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)

Group: General Forum Members
Points: 1116 Visits: 349
Good question. Too bad I got caught up in the permissions and forgot to tick that the create worked.


Thanks,

ToddR
steve.jacobs
steve.jacobs
Right there with Babe
Right there with Babe (762 reputation)Right there with Babe (762 reputation)Right there with Babe (762 reputation)Right there with Babe (762 reputation)Right there with Babe (762 reputation)Right there with Babe (762 reputation)Right there with Babe (762 reputation)Right there with Babe (762 reputation)

Group: General Forum Members
Points: 762 Visits: 279
Nice question. Missed it though...selected 3 out of the 4 correct. Next time, I guess I'll read it a bit more "slowly." :-D
SqlMel
SqlMel
SSC Eights!
SSC Eights! (888 reputation)SSC Eights! (888 reputation)SSC Eights! (888 reputation)SSC Eights! (888 reputation)SSC Eights! (888 reputation)SSC Eights! (888 reputation)SSC Eights! (888 reputation)SSC Eights! (888 reputation)

Group: General Forum Members
Points: 888 Visits: 476
I find this one to be a very good question but one that can be easily answered by just analyzing the available options.

First, you need to select 4 correct answers but there are three (The last ones) that are mutually exclusive. That means that the first three are true.

Given that, if you know for a fact that the user has permissions to the db_owner role, than you should know that he will have enough privileges to create a table in the database.

I'm surprised the percentage of correct answers are so low.

---------------
Mel. Cool
Thomas Abraham
Thomas Abraham
Hall of Fame
Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)

Group: General Forum Members
Points: 3105 Visits: 2255
SqlMel (10/31/2013)
I find this one to be a very good question but one that can be easily answered by just analyzing the available options.

First, you need to select 4 correct answers but there are three (The last ones) that are mutually exclusive. That means that the first three are true.

Given that, if you know for a fact that the user has permissions to the db_owner role, than you should know that he will have enough privileges to create a table in the database.

I'm surprised the percentage of correct answers are so low.


I just over-thought this one. Maybe others have too. Plus, there was the pressure of it being worth THREE points. ;-)

BTW, I was surprised Steve didn't slip in a humorous Halloween question. I look forward to those holiday questions.

If you celebrate such things, Happy Halloween! Hope you get lots of >(///)<

Please don't go. The drones need you. They look up to you.
Connect to me on LinkedIn
ronmoses
ronmoses
Ten Centuries
Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)

Group: General Forum Members
Points: 1373 Visits: 996
I clearly need some educatin' here. I'm very much not an administrator, so bear with me.

"TestWindowsUser is in a domain group that is a member of db_owner and another that is a member of db_dataReader."

I'm lost as to when this happens. I see that he's in two domain groups, but I'm not seeing where those groups are made members of db_owner and db_reader. I see two users from those groups who are assigned those roles... does assigning a user to a role assign every user in that domain group to the same role? That's doesn't seem right.

Apologies if I'm missing the obvious. I've never worked with this stuff before.

ron

-----
a haiku...

NULL is not zero
NULL is not an empty string
NULL is the unknown

sknox
sknox
Hall of Fame
Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)Hall of Fame (3.1K reputation)

Group: General Forum Members
Points: 3052 Visits: 2852
ronmoses (10/31/2013)
I clearly need some educatin' here. I'm very much not an administrator, so bear with me.

"TestWindowsUser is in a domain group that is a member of db_owner and another that is a member of db_dataReader."

I'm lost as to when this happens. I see that he's in two domain groups, but I'm not seeing where those groups are made members of db_owner and db_reader. I see two users from those groups who are assigned those roles... does assigning a user to a role assign every user in that domain group to the same role? That's doesn't seem right.

Apologies if I'm missing the obvious. I've never worked with this stuff before.

ron


The following T-SQL code creates database users which map to the Windows groups. Every member of those groups, when logging into SQL Server, will have the rights of those database users.


USE DBall
CREATE USER TestSQLDBadmin FROM Login [Domain\TestWindowsDBadmins];
CREATE USER TestSQLDBreader FROM Login [Domain\TestWindowsDBreaders];
GO


Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search