i think the only thing missing is for you to find a domain group that everyone belongs to, like domainname\Domain Users, and add that as a login, and then as a user to the right databases, and grant that windows group the right permissions.
then everyone who belongs to that AD group would have access...it's up to you to limit them as far s read/write.
Lowell
--
help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!