January 10, 2019 at 10:54 am
Hi
We are currently cleaning up the logins and access in our instances. Currently, it is a mix of individual logins and security groups. We are thinking of removing all individual logins/access and maintain security groups only. How do you manage and design your accounts/logins by only having security groups? how do you give access to a person if he only needs access to a single database but the security group has access to two or more databases?
January 10, 2019 at 11:46 am
donut - Thursday, January 10, 2019 10:54 AMHiWe are currently cleaning up the logins and access in our instances. Currently, it is a mix of individual logins and security groups. We are thinking of removing all individual logins/access and maintain security groups only. How do you manage and design your accounts/logins by only having security groups? how do you give access to a person if he only needs access to a single database but the security group has access to two or more databases?
When you create a rule such as "no individual logins, only security groups", the next situation encountered will be something that falls outside the normal that will violate the rule.
I have just finished this exercise. We had enormous number of groups, nested groups, empty groups, multiple groups that had the exact same permissions, etc. All of this was originally put in place to handle the outliers,
We created three basic groups per server. Admins, Editors and Readers, These have the associated privileges assigned to them. When something falls out of those three groups, we either handled them individually or create a new group.
Michael L John
If you assassinate a DBA, would you pull a trigger?
To properly post on a forum:
http://www.sqlservercentral.com/articles/61537/
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply