December 22, 2011 at 9:45 am
I have an instance (10.0.2841) that is using AD auth for user access in a Dev/QA environment. Access is through a chain of AD groups:
test_user --> domain\parent_group --> domain\db_group --> DB
For all domain groups access is working fine. For one db_group access will not work. I have tried eliminating the parent group:
test_user --> domain\db_group --> DB
The test user of domain\db_group still cannot access the DB.
Further, I've performed the following tests:
- verified that the SID matches between sys.database_principals and sys.server_principals
- added another group to this DB that the test user is a member of and access was successful
test_user --> domain\db_group2 --> DB
- removed access for the server login to the DB and re-added it
- granted test_user access directly to the DB. This was successful
Is anyone aware of another way to test this or have a recommended solution? I have not tried to remove the server login from the instance altogether. My reasoning is that I should be able to identify what the source of the discrepancy is first. This is one step in a large security rollout and I do not want to be on the hook to destroy and recreate all permissions for the db_group should this occur again.
All of your help is much appreciated!
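The checks listed in the post above can be run as one T-SQL script. This is an added example, not part of the original thread; `QA_DB`, `DOMAIN\db_group` and `DOMAIN\test_user` are placeholder names, and the last batch assumes a session connected as the test user.

```sql
-- Placeholder names (assumptions): QA_DB, DOMAIN\db_group, DOMAIN\test_user
USE [QA_DB];
GO
-- 1. SID check: the group's server login joined to its database user by SID.
--    A NULL database_user means no user in this database carries the login's SID.
SELECT sp.name        AS server_login,
       sp.type_desc   AS login_type,
       sp.is_disabled,
       dp.name        AS database_user,
       CASE WHEN dp.sid IS NULL THEN 'no database user with this SID'
            ELSE 'SID match' END AS sid_check
FROM sys.server_principals AS sp
LEFT JOIN sys.database_principals AS dp ON dp.sid = sp.sid
WHERE sp.name = N'DOMAIN\db_group';

-- 2. Database-level CONNECT for the group: expect one GRANT row and no DENY row.
SELECT pr.name, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 0                       -- database-scoped permissions
  AND pe.permission_name = N'CONNECT'
  AND pr.name = N'DOMAIN\db_group';

-- 3. Server-level permissions for the group's login (a DENY here overrides grants).
SELECT sp.name, pe.permission_name, pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals AS sp
  ON sp.principal_id = pe.grantee_principal_id
WHERE sp.name = N'DOMAIN\db_group';

-- 4. What Windows reports: every permission path for the user,
--    and the direct members of the group as the instance sees them.
EXEC xp_logininfo N'DOMAIN\test_user', 'all';
EXEC xp_logininfo N'DOMAIN\db_group', 'members';
GO
-- 5. Run this batch in a session connected AS the test user (for example in master).
--    The group should appear in the login token with usage 'GRANT OR DENY';
--    'DENY ONLY' or a missing row means the token does not carry the group.
SELECT name, type, usage
FROM sys.login_token
WHERE name = N'DOMAIN\db_group';

SELECT HAS_DBACCESS(N'QA_DB') AS can_access_db;  -- 1 = access, 0 = no access
```

Comparing the output for the failing group with the same queries run for `domain\db_group2`, which works, narrows the difference to one of the five layers.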
December 31, 2011 at 5:25 pm