October 30, 2015 at 1:54 am
Hi,
Sorry of this is basic question but I have some doubts about the way some app is accessing SQL Server on my network.
The app is running on Windows 2012 RDS server and the SQL Server is on another Windows 2012 Server. The app has been configured
with generic user id with Windows Authentication set to yes and which was also added to SQL Server users accounts and to Windows accounts on SQL Server machine as well.
Now the question is if this is correct way, since I still have to add each user from Active Directory to SQL Server accounts and Windows Accounts
who wants to run that app and give them rights which is kinda tedious when there is a lot of users.
Shouldn't be enough to give that generic app user all the rights and then whoever is logged in uses its privileges?
Plus why do I need add user accounts to Windows machine where SQL server is running, cannot be SQL Server accessed directly?
thanks
October 30, 2015 at 1:58 am
You need to use Groups in Windows
Create a Group called Appusers in AD
Add users to the AD Group
Create a Login in SQL Server using the WINDOWS Group AppUsers
Grant the minimum required permission within SQL for this GROUP to function
This way when people join or leave the App you manage their access only on AD, if they are a member they can access the database else not.
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply