March 18, 2013 at 6:35 pm
Hello,
I'm a bit confused about permissions. If a user, User1, belong to multiple groups, say
ADGroup1 --> SQLGroup2 --> SELECT permission on Table1, Table2 in DB1
ADGroup2 --> SQLGroup3 --> INSERT/UPDATE permission on Table1 and Table3 in DB1
ADGroup3 --> SQLGroup9 --> VIEW Definition to DB3
In this case, what permission the User1 has it? I think all of it since this user is part of those 3 AD groups and these AD groups are member of SQL groups that the permissions have been set.
Is this right or is there something that I missed?
Thanks much!!
March 18, 2013 at 6:52 pm
All security in SQL Server is cumulative unless an explicity DENY in one group overrides a setting from another. That includes both internal (SQL) and external (AD) group associations. So you're correct, they'd have every permission listed above, barring another one that's not listed with a DENY to a particular one.
Never stop learning, even if it hurts. Ego bruises are practically mandatory as you learn unless you've never risked enough to make a mistake.
For better assistance in answering your questions[/url] | Forum Netiquette
For index/tuning help, follow these directions.[/url] |Tally Tables[/url]
Twitter: @AnyWayDBA
March 18, 2013 at 8:24 pm
thanks a lot for clarification.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply