AD User has access to a database their group doesn't have access to

  • A user that is DBO to a database added a new user to that database (with CREATE USER) and made him a dbo as well. This new user has access to the SQL Server via group membership but their group does not have any access to this database. But I can see that this user is now able to create/alter objects. Do the rights given to this user supersede the fact that the group they are in has no access to the database?

  • The group ensures that any member of that group can connect to the server. Typically groups will then be used to grant access into the database. However, it doesn't have to be this way. In the situation you described, an individual user, who is a member of the group, was granted access. This is permissible in SQL Server. The key is to think of the login as access into the SQL Server. Once they're in, any individual user or group of users can be granted access into specific databases.

    K. Brian Kelley
    @kbriankelley
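
An audit query for the situation discussed in this thread, added here as an example and not part of either post: run in the database in question, it lists Windows users who were granted access individually, the database roles they hold, and whether they have their own server login or can only connect through a Windows group. The column aliases are illustrative.

```sql
-- Added example: find individually created Windows users in the current
-- database and show how they reach the server and what roles they hold.
-- Run as a login that can see all server principals (for example a sysadmin);
-- logins hidden by metadata visibility would otherwise look missing.
SELECT
    dp.name        AS database_user,
    dp.create_date AS user_created,
    ISNULL(r.name, '(no role membership)') AS database_role,
    CASE
        WHEN sp.sid IS NULL
            THEN 'No individual login: connects via Windows group membership'
        ELSE 'Individual login: ' + sp.name
    END            AS server_access_path,
    CASE WHEN r.name = 'db_owner' THEN 1 ELSE 0 END AS is_db_owner_member
FROM sys.database_principals AS dp
-- A database user and a server login are matched by SID, not by name.
LEFT JOIN sys.server_principals AS sp
       ON sp.sid = dp.sid
-- Role memberships granted directly to this user inside the database.
LEFT JOIN sys.database_role_members AS drm
       ON drm.member_principal_id = dp.principal_id
LEFT JOIN sys.database_principals AS r
       ON r.principal_id = drm.role_principal_id
WHERE dp.type = 'U'          -- Windows users only (groups are type 'G')
  AND dp.principal_id > 4    -- skip dbo, guest, INFORMATION_SCHEMA, sys
ORDER BY is_db_owner_member DESC, dp.name;
```

Rows showing a db_owner membership with no individual login correspond to the case in the question: the group only gets the user onto the server, and the database permissions come from the user-level grant.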
