May 14, 2012 at 2:42 pm
Hi all,
I have the following problem:
There are several database roles on a database. Active directory users within our domain are not directly assigned to the database roles and they also do not exist explicitly as a login on the sql server instance.
Rather, users are assigned to the database roles via active directory groups which are assigned directly to the database roles. (I think this is the most common way to do this.)
Now, I want to list all the implicit assigned database roles for a user logged in by integrated windows authentication.
Due the fact that only the AD group is available in the system tables, bit not the AD user, I cannot query them directly.
Does somebody know how to retrieve the database roles that are assigned to a AD user indirectly?
Thx a lot!
Bernie
May 14, 2012 at 2:50 pm
there's an extended stored procedure to help you with that situation.
you can use it to query an iindividual's domain login, or a group from the domain:
try these out and see if this helps:
-- Show all paths a user gets his auth from
EXEC master..xp_logininfo @acctname = 'mydomain\lowell',@option = 'all'
-- show group members
EXEC master..xp_logininfo @acctname = 'mydomain\authenticatedusers',@option = 'members'
--who's in the "dev " group?
EXEC master..xp_logininfo @acctname = 'mydomain\Dev',@option = 'members'
Lowell
May 15, 2012 at 4:34 am
Lowell, thank you.
This is what helps me to get my solution ...
Bernie
Viewing 3 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply