Home Forums SQL Server 7,2000 Security How to determine SQL Security Login group for windows login when user is member of active directory security group. RE: How to determine SQL Security Login group for windows login when user is member of active directory security group.

  • May 24, 2007 at 5:04 pm

    #708813

    Thanks EdVassie, but that does not really address the issue.  I don't have a problem with internal SQL security on objects.

    The issue is the delegated permission from Active Directory.  I want to know the DOMAIN\SecurityGroup with which the DOMAIN\User has gained access to the database.  As a work around I have a mapping table in my database that maps Active Directory users to their groups.  This can be handled by .NET in the front end, but I won't even mention the legacy platform I'm working with here.

    If I know the  DOMAIN\SecurityGroup, which I have used for login and object permissions, then I can query sp_helprotect and determine what permissions the current user has on the object, and hence what controls to enable.  Otherwise I would have to wait for a fail on commit, which would be annoying for the user as they would not know until the end of a process whether it will succeed.