August 27, 2008 at 8:08 am
If Login-Enabled/Disabled allows you disable access to all securables on a SQL Server, why do we need the Grant/Deny on the Login Properties tab in SQL 2005.
ie. if my login is disabled at the server level, I can't do anything on the server anyway?! even if my login status is Grant.
Any clarity would be appreciated.
August 27, 2008 at 8:42 am
Funny, I had not looked at this before but in reading BOL the functionality is very similar. From what I remember Oracle had similar functionality and the Oracle DBA's that I used to work with would use the "Enabled / Disabled" for inactive accounts but leave the "CONNECT" (basically what Grant / Deny does) enabled so that in the event a user needed to be Enabled again they could with the same permissions as before.
I can't think of an example where I would use them independantly in SQL Server but, someone else might.
David
@SQLTentmaker“He is no fool who gives what he cannot keep to gain that which he cannot lose” - Jim Elliot
August 27, 2008 at 9:34 am
Thanks for the reply.
I agree, if the Deny checkbox is ticked the permissions are still associated with that login, as the Login still retains its permissions after being disabled!
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply