Results 1 to 4 of 4
  1. #1
    Join Date
    Dec 2007
    Posts
    288

    Unanswered: group permissions in sql server 2005

    I have been reading up on the best way to do group permissions in SQL Server 2005.

    I have a couple of apps that have MANY users with the same permissions. I added them all as users to the instance and then created a DB Group, gave the group the appropriate permissions and then added the users to the group. Is this the best way to handle this?? Is there a way to create a local windows group on the server, add all of the users to it and then grant the group permissions that way? or do the users all have to be added individually to the instance before they can be added to a new DB group?

  2. #2
    Join Date
    Feb 2004
    Location
    One Flump in One Place
    Posts
    14,912
    yes, best practice is to manage permissions through groups.
    You can grant logins to windows groups too. I am a little more ambivalent on this - if you (as the DBA) have control of this group then great. If you have a good, solid working relationship with the team responsible for maintaining this list then great. If you have an irresponsible member of the system team that shoves people in and out of the AD groups on a whim (as we did once) then you might not want to give up control for that sort of thing.
    Testimonial:
    pootle flump
    ur codings are working excelent.

  3. #3
    Join Date
    Dec 2007
    Posts
    288
    I wasn't really talking about an AD group ( I do not have control over AD Groups) but creating a local group on the Server and then granting that group permissions to a particular database. SOUNDS like it should work. before I go through the trouble .. wondering if it is feasible?????

  4. #4
    Join Date
    Mar 2007
    Posts
    86

    group permissions

    I do this on my sybase and ms sql servers. Groups are easy to manage, especially for a large user community. I have departmental groups, application server groups, query groups, admin groups (for supersuers) etc. When used intelligently it will save you a lot of time.. who can keep track of 1500 users individually? Einstein? ;-))

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •