November 19, 2014 at 9:33 am
I'm creating a SQL Agent job that includes a step to disable certain logins. This step keeps failing and I can't figure out why.
My login is in the sysadmin group. The service account is also in the sysadmin group.
Still certain (not all) logins are throwing a permissions error:
Cannot alter the login 'OurDomain\AspNetUserGroup', because it does not exist or you do not have permission. [SQLSTATE 42000] (Error 15151)
That's just one example. There are a couple others that cause failure as well.
November 19, 2014 at 10:48 am
windows groups cannot be denied as detailed here
The link states;
MSDN - ALTER LOGIN (Transact-SQL)
You cannot use ALTER_LOGIN with the DISABLE argument to deny access to a Windows group. For example, ALTER_LOGIN [domain\group] DISABLE will return the following error message:"Msg 15151, Level 16, State 1, Line 1
"Cannot alter the login 'Domain\Group', because it does not exist or you do not have permission."
This is by design.
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply