opc.three (1/12/2013)
AD Groups as SQL Logins and Database Users work great unless you need the User to have a default schema. In SQL 2012 the loop has been closed, but this is a 2008 forum.@yslguru, I would look to rename them so they match the person's new name. Last name changes are pretty common and I rename Database Users and Server Logins all the time to keep up. Are you storing the Database User name in any audit tables? If the Database User name is used to maintain an audit trail then you may have a bit more to consider.
The schema that the app assumes for everything is 'dbo'. As far as auditing storage goes we are storing the name (as text) when auditing something that the app does not manage itself. For example, when someone makes a configuration change to an Account Number in our apps chart of accounts we capture the data before the change along with the date/time and name/ID of the user making said change. We don't store the SQL Login/DB User (as setup within SQL Server), just the user ID info the app has. We use the SQL Login & DB Users to identofy what SPID belongs to whom when monitoring. Else every SPID would be listed as dbo and we'd have no idea who is doing what.
Thanks
Kindest Regards,
Just say No to Facebook!