April 8, 2015 at 11:28 am
I am trying to write a script that generates a user audit of users who actually can and can't access a database. When it comes to groups I'm using xp_logininfo to get the members of the group. I have noticed that you can have a group configured under Database\Users but that group doesn't have to be configured in Security\Logins. As long as the individual member inside the group is configured with a login for their username they can access the database through the group. However, in these cases, xp_logininfo doesn't return any results when attempting to determine the members of the group. Is there any way to resolve this? I've seen other examples of scripts that actually link the Active Directory server but this will not be an option as our customer base is widespread and diverse.
April 8, 2015 at 3:14 pm
I dont know how you can check group membership of a group that is not a login but you could check all group membership for a given login with sys.login_tokens
execute as login= 'domain\username'
go
SELECT *
FROM sys.login_token
revert;
April 8, 2015 at 5:52 pm
Thanks for the reply. I don't think this will give me what I need.
Viewing 3 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply