May 7, 2018 at 12:38 pm
Hi all -
I just want to confirm (or find out I am wrong) about setting up creating a group to add users in sql server.
In our environment, we cannot add Windows Groups (AD) for our sql users. Not sure why, everywhere else I have worked, that is what we did. Anyway, since we cannot create a Windows AD group and stuff windows logins into that group, I am thinking that the only way for me to create a group so I can assign/manage permissions easier...is to create a local group on the sql sever machine itself.
I thought maybe Server Roles would help, but those don't allow me to set permissions to specific databases, objects and read/write level. Hence, my thought about creating groups that are local to the machine and then adding the user's windows logins to that group.
thanks
will
May 7, 2018 at 5:08 pm
Found an answer...database roles. I had been looking at Server roles and those won't work for me. But I can create a role for each database and assign it permissions and add users.
May 8, 2018 at 10:19 am
You are correct. Use roles in SQL, equivalent to groups in AD. Always do this, even with AD groups. Use a SQL role for permissions and then add the AD group (or SQL users) to the role.
May 8, 2018 at 11:17 am
Thanks for the extra information. I would not have considered using a role if we had AD Groups. But....I can see where adding that layer would be beneficial.
Thanks!
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply