March 21, 2013 at 11:10 am
Hi everyone,
I was thinking of publishing some Table Reports with an online connection to my MSSQL server.
All of that works fine...
Now I was hoping to use my security groups to manage the access to the database.
When trying to use the security group as shown below it does not work - probably because that is only for users - however I was not able to find syntax for a group.
GRANT IMPERSONATE ON USER::[my_domain\gordon] to [my_domain\tableau];
Any advise is much appriciated.
Cheers,
Gordon
April 7, 2013 at 1:04 pm
Hi Gordon,
Unfortunately, this is not possible currently in SQL Server. SQL Server (for some reason) cannot read members out of the AD group configured as a login in SQL Server itself (both AD and SQL Server are Microsoft products, right :crazy: ?).
The impersonation is possible only when the impersonated login exists in sys.server_principals.
Check the similar topic at http://www.sqlservercentral.com/Forums/Topic1434100-1526-2.aspx.
April 7, 2013 at 1:11 pm
...just to add that the syntax for the login in fact completes successfully:
use master
go
GRANT IMPERSONATE ON login::[domain\Security Group] TO [domain\User]
go
but then, when launching EXECUTE AS to impersonate an individual login, a member of [domain/Security Group], SQL Server cannot identify it!
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply