April 20, 2021 at 7:54 am
Hi All
If a user belongs to 2 AD groups, both of which are logins in SQL Server. What determines which group the user is coming through when connecting to SQL.
I'm trying to troubleshoot a possible permissions issue in SQL.
User1 is part of ADGroup1 & ADGroup2.
ADGroup1 & ADGroup2 are logins in SQL.
ADGroup1 has db_owner permissions to the DB in question.
ADGroup2 has no permissions to the DB in question.
Is this a problem?
Thanks
April 20, 2021 at 8:27 am
Permissions are cumulative, so a user who is part of 2 groups will have the combined privileges of both.
Remember DENY trumps a GRANT, so any DENY in one group will cancel out a GRANT in another group
But from what you have detailed that would not be an issue if ADGroup1 has permissions and ADGroup2 has no permissions as there is nothing for it to combine.
April 20, 2021 at 1:38 pm
From the horse's mouth...
April 28, 2021 at 3:34 am
This was removed by the editor as SPAM
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply