Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
AskSQLTeam
Ask SQLTeam Question
0 Posts |
 Posted - 2005-05-30 : 08:50:23
|
| KIRAN writes "Hi ,This is kiran from india. I work in ABC organization and we have 2000 AD.We have created Global Groups and users are added.We have create Server Domain local Groups and added them to Server Local GroupWe have assigned SQL-2000 permissions to Server Local Groups.And global users are not able to get the required access to their roles assigned..Please suggest.We tried to add the Global Group to Server Local group and it works." |
|
|
jen
Master Smack Fu Yak Hacker
4110 Posts |
Posted - 2005-05-30 : 23:06:03
|
| have you added the global user group in sql?if yes, have you applied the required permissions?if yes, are the machines of your global user group allowed to connect to the server? - possible firewall issueHTH--------------------keeping it simple... |
 |
|
|
dragan
Starting Member
17 Posts |
Posted - 2005-05-31 : 03:35:52
|
| Try this (of which you have done but perhaps in the wrong order)1. Create a Domain Group (global group).2. Create a local group on your server.3. Add your domain group into the local group on your server. (global groups into local groups).4. Add the local group (which was just populated with the global/domain group) in SQL.5. Assign appropriate privilages to the local group that you just added to SQL under logins.Later |
|
|
|
jen
Master Smack Fu Yak Hacker
4110 Posts |
Posted - 2005-05-31 : 05:14:44
|
skip #2 and 3, users do not need to be included in the windows local groupto access the sql server, and it is dangerous to do so unless the windows user is the sql service account, in which case it should be a member of the local admin groupquote:
Originally posted by dragan
Try this (of which you have done but perhaps in the wrong order)1. Create a Domain Group (global group).2. Create a local group on your server.3. Add your domain group into the local group on your server. (global groups into local groups).4. Add the local group (which was just populated with the global/domain group) in SQL.5. Assign appropriate privilages to the local group that you just added to SQL under logins.Later
--editfor #4, directly pick up the domain group in SQL  --------------------keeping it simple... |
|
|
|
dragan
Starting Member
17 Posts |
Posted - 2005-05-31 : 05:24:37
|
| Microsoft recommends that global groups be added into local groups. There's no need to be part of the local admin group. Your domain policy will control the user's permissions! Even if the users were to be local admins a DBA would remove the Built-in admin option anyway as standard practice. If Built-in admins was left with Grant access then he has a major security issue!Besides he's aready tried skipping those 2 steps and it didn't work. |
|
|
|
|
|
|
SQL-GLOBAL GROUP ACCESS PROBLEMS