Permissions

  • I have several tables in the database. I need to have permissions set up for the users so they can access the tables. So, How would you recommend getting them set up? Currently, there are 10 users. I was thinking to create a group in active directory and add the all users added to the group and then grant the permission to the group rather than individual user. Does that sounds good? Any other ideas?

    Thanks

  • Admingod - Friday, December 28, 2018 11:32 AM

    I have several tables in the database. I need to have permissions set up for the users so they can access the tables. So, How would you recommend getting them set up? Currently, there are 10 users. I was thinking to create a group in active directory and add the all users added to the group and then grant the permission to the group rather than individual user. Does that sounds good? Any other ideas?

    Thanks

    Use a DB role, and grant permissions to that.
    Add the users, or the AD group, to the DB role.
    Use a non-default schema for the tables.

    The absence of evidence is not evidence of absence
    - Martin Rees
    The absence of consumable DDL, sample data and desired results is, however, evidence of the absence of my response
    - Phil Parkin

  • Admingod - Friday, December 28, 2018 11:32 AM

    I have several tables in the database. I need to have permissions set up for the users so they can access the tables. So, How would you recommend getting them set up? Currently, there are 10 users. I was thinking to create a group in active directory and add the all users added to the group and then grant the permission to the group rather than individual user. Does that sounds good? Any other ideas?

    Thanks

    That's a great way to do it. Utilizing active directory groups can really make managing things a lot cleaner. Groups are much easier to manage than individuals.
    Often times there are already groups in AD that correspond to all the members needing the same database permissions so watch for that as well.

    Sue

  • Doesn't look there is a already groups in AD. Would you rather see the AD group modified to grant all users the same access, or setup individual accounts?

  • If it's all users in the domain you can use the Authenticated Users group. Otherwise, I don't know enough about your AD groups to say. But groups and roles are generally the preferred way to manage the logins, users in SQL Server. You can also do things like adding two or more AD groups to a role which can also simplify things. The more individual accounts you manage, the more work you have.

    Sue

  • Thanks Sue!

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply