November 5, 2010 at 9:29 am
I have two accounts one account is a SQL Server Authentication account, and one account is an AD account that is in an AD group and the AD group is configured as a login on the SQL server. Both the AD group and the SQL Server Authenticated accounts have the db_datareader role membership for a specific database. If I log in as the SQL Server Authenticated user into SSMS and navigate to the Scaler-valued Functions, the folder appears empty. I also can not execute these functions since I don't have access to them. But the AD user in the AD group can do the same process and can see and execute the functions. If I manually give the SQL user execute rights on specific functions that user can execute the function. So why would the AD account with the same rights as the SQL account have different functional rights?
Thanks,
Dep
November 5, 2010 at 9:50 am
Is the AD group part of any server-level roles?
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
November 5, 2010 at 10:00 am
No. Both the SQL user and the AD group have server roles of public and db_datareader role on the database.
Dep
November 8, 2010 at 6:15 am
And have the AD accounts been granted any rights that allow viewing database objects? Explicit grant. Or has the other account been denied such rights explicitly?
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply