Server Access "Via Group Membership"

  • I do worry sometimes. AD/domain group membership is a valid and very usual method of granting users access to a SQL Server; to be honest, the last thing you want in a large system is to have to maintain thousands of individual logins. You can install the AD viewer from the adminpack for Windows Server; this will allow you to view (but not alter) the AD. Failing that, xp_logininfo will give you info on members of AD/domain groups on your SQL Server. Check out BOL.

    Sorry to sound sharp, but if you administer production systems you should really know all this stuff. Doesn't really inspire confidence, does it?

    The GrumpyOldDBA
    www.grumpyolddba.co.uk
    http://sqlblogcasts.com/blogs/grumpyolddba/

  • I was speaking in generalities, and not directly to you. I have known people that would simply give admin rights to a whole users group if one person needed something. In his defense, he was the systems admin and there was no dba.

    Don't forget about your sp_help procedures:

    • sp_helpuser
    • sp_helplogin
    • sp_helpgroup
    • sp_helpntgroup
    • sp_helprole

    and so on.


    My blog: SQL Soldier
    SQL Server Best Practices
    Twitter: @SQLSoldier
    My book: Pro SQL Server 2008 Mirroring
    Microsoft Certified Master: SQL Server, Data Platform MVP
    Database Engineer at BlueMountain Capital Management

  • Don't be sorry... I am new to the position and I am learning as fast as I can, which is why I have asked a ton of questions. I would rather look silly asking a "rookie" question, or asking a question that isn't really in the correct context, if it means I will then understand the do's/don'ts, whys, concepts, reasons, and others' personal beliefs.

    You hit the nail on the head with me; I got this job by luck, I think. I was an analyst who really enjoys the SQL side of things and got in as a DBA. I had no formal admin training prior to starting my job. I did take a couple of SQL classes since starting, but they were more informational vs. real-world experience, and I have been forced into action by other people quitting, etc.

    Every day is an on-the-job learning type deal for me, where I spend most of my time researching stuff on Google and here for answers. You can get a definition out of a book... but I like to hear reasons why people like to do things a certain way, etc.

    Thanks again for the info.

    lee

  • Well, in my opinion, you've certainly got the right attitude for the job. I got my first dba job the same way. I was the lead database developer at my company, and I lobbied for the dba job and got it. I still had a lot to learn when I got it, and I'm sure I still have a lot to learn now many years later.

    This is precisely why I frequent groups like these. To learn from problems others are having that I have not yet had or to learn different ways to deal with problems that I have dealt with in a less efficient way.

    There have been several occasions where a problem popped up, and I looked exceptionally knowledgeable because I knew the solution right away, because I had helped someone else resolve it in their system or read where someone else had helped them solve it.

  • Like my father's famous two sayings: "You can learn a lot from other people's mistakes" & "Preventive Maintenance is the Best Maintenance"...

    I seriously have a lot to learn... more so the concepts of the what and why, not so much the how...

  • Hi there, reading this post I am not sure whether the original question was ever answered!

    I am reviewing permissions on an old 2000 server to migrate to 2005.

    We have a mixture of ntgroups, single nt accounts and sql logins in many databases.

    We have found a lot of single nt accounts, so 'domain\payroll_number', that all have 'via group membership'. There are unusual permissions granted to these accounts, and we are not sure what the 'via group membership' means in the users --> database access column.

    In the login section, the user is just a normal nt windows user.

    Any help on this greatly appreciated...

    Oraculum
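
For a permissions review like the one described above, xp_logininfo (suggested earlier in the thread) can report which Windows group logins give a single account its access, and who else shares those groups. The following T-SQL is an added example, not code from any poster; the account name is a constructed placeholder and the temp table names are hypothetical.

```sql
-- Added example. Run as a sysadmin on the instance being reviewed.
-- @acct is a constructed placeholder; substitute the account under review.
DECLARE @acct sysname, @grp sysname
SET @acct = N'DOMAIN\payroll_number'

-- Both tables follow the column layout of the xp_logininfo result set.
CREATE TABLE #paths (
    account_name      sysname NULL,
    type              char(8) NULL,   -- 'user' or 'group'
    privilege         char(9) NULL,   -- 'user' or 'admin'
    mapped_login_name sysname NULL,
    permission_path   sysname NULL    -- group login granting access; NULL if direct
)
CREATE TABLE #members (
    account_name      sysname NULL,
    type              char(8) NULL,
    privilege         char(9) NULL,
    mapped_login_name sysname NULL,
    permission_path   sysname NULL
)

-- 'all' returns one row per route by which the account reaches the server.
INSERT INTO #paths EXEC master.dbo.xp_logininfo @acct, 'all'

SELECT account_name, privilege,
       ISNULL(permission_path, N'(own login)') AS access_route
FROM #paths
ORDER BY privilege, access_route

-- Expand each granting group so the review covers everyone it lets in.
DECLARE grp CURSOR LOCAL FAST_FORWARD FOR
    SELECT DISTINCT permission_path FROM #paths WHERE permission_path IS NOT NULL
OPEN grp
FETCH NEXT FROM grp INTO @grp
WHILE @@FETCH_STATUS = 0
BEGIN
    INSERT INTO #members EXEC master.dbo.xp_logininfo @grp, 'members'
    FETCH NEXT FROM grp INTO @grp
END
CLOSE grp
DEALLOCATE grp

-- Rows with privilege = 'admin' are the ones to question first.
SELECT permission_path AS group_login, account_name AS member, type, privilege
FROM #members
ORDER BY privilege, group_login, member

DROP TABLE #paths
DROP TABLE #members
```

xp_logininfo raises an error when Windows cannot resolve an account or group, so a stale group login will stop the loop and needs checking by hand.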
