Home Forums SQL Server 2005 SQL Server 2005 Security Block windows groups RE: Block windows groups

  • October 13, 2008 at 1:55 pm

    #884319

    Alren (10/13/2008)

    This would be great if the deny was restricted to the windows group but in my understanding this is what happens:

    user A is part of windows groups G1 and G2.

    G1 has a "grant connect SQL"

    G2 has a "deny connect SQL"

    This means that A has a grant AND a deny connect SQL.

    This in turn means no access since the deny prevents connection.

    But if I'm wrong, this would solve part of my problem.

    The other part is still "How do I kill sessions based on their groups?"

    Now say user A is a database administrator

    G1 the DBA group (sysadmin rights)

    G2 a user group able to select some records (in normal situation)

    --> this is why I'm afraid of using denys

    Thanks for your answer 😎