If they are using Windows authentication [preferred]:
1. Group users into a Windows Domain Security group (NT admin)
2. Add NT Group to SQL Server Logins (using EM or sp_AddLogin)
2a. Select a default database (using EM or sp_AddLogin, @defdb)
3. Grant the NT Group access to the desired database(s) (using EM or sp_grantdbaccess)
4. Either assign the NT Group to an appropriate standard database role (eg db_datareader) or a custom role that you create.
Alternatively, you could assign SELECT, UPDATE, DELETE, EXECUTE privileges directly to the NT Group, but it's not strictly considered a "best practice".
If the are using SQL authentication [not preferred]:
1. Create individual SQL user accounts using EM or sp_AddLogin
2. Select a default database (using EM or sp_AddLogin, @defdb)
3. Grant each user access to the desired database(s) (using EM or sp_grantdbaccess)
4. You MUST assign either a standard db role or a custom role; trying to manage individual permissions to individual logins can be REALLY hairy.
If you are going to be using SQL authentication, I think you should:
1. Consider scripting the user administration and using a front-end tool other than EM or QA.
2. Be aware that the user names and passwords are sent out over the wire using a weak hashing algorithm that is easily defeated (ie, watch out for snoopers and definitely avoid the internet)
Originally Posted by bruce_nguyen
Have you hugged your backup today?