I have been reading up on the best way to do group permissions in SQL Server 2005.
I have a couple of apps that have MANY users with the same permissions. I added them all as users to the instance and then created a DB Group, gave the group the appropriate permissions and then added the users to the group. Is this the best way to handle this?? Is there a way to create a local windows group on the server, add all of the users to it and then grant the group permissions that way? or do the users all have to be added individually to the instance before they can be added to a new DB group?
yes, best practice is to manage permissions through groups.
You can grant logins to windows groups too. I am a little more ambivalent on this - if you (as the DBA) have control of this group then great. If you have a good, solid working relationship with the team responsible for maintaining this list then great. If you have an irresponsible member of the system team that shoves people in and out of the AD groups on a whim (as we did once) then you might not want to give up control for that sort of thing.
I wasn't really talking about an AD group ( I do not have control over AD Groups) but creating a local group on the Server and then granting that group permissions to a particular database. SOUNDS like it should work. before I go through the trouble .. wondering if it is feasible?????
I do this on my sybase and ms sql servers. Groups are easy to manage, especially for a large user community. I have departmental groups, application server groups, query groups, admin groups (for supersuers) etc. When used intelligently it will save you a lot of time.. who can keep track of 1500 users individually? Einstein? ;-))