Number of logins

  • Hello,

    Following on from a similar post I saw on here earlier (http://www.sqlservercentral.com/Forums/Topic951703-391-1.aspx) I was wondering how people prefer to manage the number of logins on their instances.

    Do you simply permit as many logins as are needed, or do you try to restrict that number?

    Just wondering.

  • In my data warehouses I usually have three logins: an administrator group, a reader group and a writer group. I give permissions to those groups and it is up to active directory to put people in the correct groups.

    Need an answer? No, you need a question
    My blog at https://sqlkover.com.
    MCSE Business Intelligence - Microsoft Data Platform MVP

  • Access via AD group indeed a great approach which will reduce you permission managing if you have several servers.

    Regards
    Durai Nagarajan

  • Yeah, I use the same approach as the others, I use AD groups to manage user membership and just apply the appropriate permissions to the AD group. It keeps logins smaller, and allows the service desk to manage group membership.

  • To those guys using AD groups, do you find that you have many groups mapped to logins e.g. many logins, or do you end up with only a few logins as a result (perhaps even many groups mapping to a few logins).

  • we have a DBA Group, reader group and windows apps user account , do you need anything more than this

    Regards
    Durai Nagarajan

  • durai nagarajan (8/16/2013)


    we have a DBA Group, reader group and windows apps user account , do you need anything more than this

    We also use various groups for specific database permissions. Certain logins (mapped to AD groups) can only access some databases, others have write permissions, and so on. Over time this can grow to tens or hundreds of logins (more likely tens) and become unwieldily to manage.

    I was just wondering if this is normal or of as suggested so far people only have three or four levels of permissions and hence only three or four logins.

  • Do you mean to say in production DB user's have write access other that DBA?

    Regards
    Durai Nagarajan

  • Not so 'users' but developers who login from their applications to run DML statements.

  • mike.dinnis (8/16/2013)


    Not so 'users' but developers who login from their applications to run DML statements.

    What do you mean by this - "developers who login from their applications to run DML statements"

    Regards
    Durai Nagarajan

  • mike.dinnis (8/16/2013)


    Not so 'users' but developers who login from their applications to run DML statements.

    On production? That should be a no-no.

    Need an answer? No, you need a question
    My blog at https://sqlkover.com.
    MCSE Business Intelligence - Microsoft Data Platform MVP

Viewing 11 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic. Login to reply