Need some suggestion on how to tackle DB access for users

Question

Need some suggestion on how to tackle DB access for users

LearningDBA

SSCertifiable

Points: 6609
More actions
December 13, 2016 at 2:51 pm

#332708

Experts, we have decent amount of servers and hundreds of users accessing DBs on those servers. It gets painful time to time to manage users and their access. There are many users who are part of a development group who have almost same rights on the same server. I was thinking about maybe creating an AD group and assign that group read only or R/W access on the DB which I think makes it easier for me to restore all permissions as well after the refresh. Is it a good way of doing it or if there is another approach I should consider. Please let me know.
"He who learns for the sake of haughtiness, dies ignorant. He who learns only to talk, rather than to act, dies a hyprocite. He who learns for the mere sake of debating, dies irreligious. He who learns only to accumulate wealth, dies an atheist. And he who learns for the sake of action, dies a mystic."[/i]

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply

Sue_H SSC Guru Points: 90860 More actions · Answer 1

New Born DBA (12/13/2016)
Experts, we have decent amount of servers and hundreds of users accessing DBs on those servers. It gets painful time to time to manage users and their access. There are many users who are part of a development group who have almost same rights on the same server. I was thinking about maybe creating an AD group and assign that group read only or R/W access on the DB which I think makes it easier for me to restore all permissions as well after the refresh. Is it a good way of doing it or if there is another approach I should consider. Please let me know.

Definitely. Managing the permissions with AD groups will be much easier. The more you can use AD groups and roles, the better.

Sue

kevaburg SSCoach Points: 18131 More actions · Answer 2

New Born DBA (12/13/2016)
Experts, we have decent amount of servers and hundreds of users accessing DBs on those servers. It gets painful time to time to manage users and their access. There are many users who are part of a development group who have almost same rights on the same server. I was thinking about maybe creating an AD group and assign that group read only or R/W access on the DB which I think makes it easier for me to restore all permissions as well after the refresh. Is it a good way of doing it or if there is another approach I should consider. Please let me know.

Actually this is a best practice! The manageability of users on the instance will be greatly improved.....