April 18, 2003 at 10:35 pm
Hi All,
I have got this idea. I am not sure How this is going to work. Please let me know your thoughts....
I would like to be able to know the following at any point of time:
1. To be able know what access a GROUP had on a database on a specific date.
2. To be able know what access a User had on a database on a specific date.
3. To be able to know who are the members of a specific group on any given date.
To achieve the above, I would like to create three tables in each database (OR) one table in master for all databases.
So that I would be able to know the status of the above three issues. 6 months in a year, some of my servers access is getting changed ver very frequently. This is because of the Application requirements as well as business requirements.
This feature would help me in great detail, since most of my time is getting dumped into either discussion or granting access per specific date.
OR is there any easier way to know the above??
Please let me know your thoughts.
.
April 19, 2003 at 5:48 am
Interesting. Users and roles you can pull from sysusers. Then you can pull permissions from sysprotects. Harder part is the user may be either an NT login or an NT group - and the group could contain other groups, etc. You'll have to pull all of that out of Active Directory. Certainly possible.
Not sure I understand the business requirements changing that much. Typically an application has full access to the data needed to run (either direct table access or via stored procs), then app layer security controls which users can do which functions, see which data, etc. To control that, most applications have their own "user" table that has a few security parameters. For example, I have an app where there are about 6 bit columns associated with the user - IsManager, IsSysAdmin, etc. Admin level users an maintain the user list themselves, then it becomes super easy to track who had what level of access when.
Andy
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply