 Granting to an NT group


Krimblkrum
Starting Member

2 Posts

Posted - 2011-01-12 : 15:12:02
I've created a login in SQL Server 2005, for a valid NT domain group. I've mapped the login as a user to the necessary database and added that login/user to the db_datareader role. A user is unable to connect to the database with a domain account that I've confirmed is a member of the NT domain group.

When I create a login for the user's individual account they are able to connect successfully. If I then remove the new login (for the individual account) then the user can still connect.

I'm confused about why this is happening, and I cannot afford to manage accounts individually. Could someone suggest how I might get past this issue?

tkizer
Almighty SQL Goddess

38200 Posts

Posted - 2011-01-12 : 15:27:36
I'm confused. Did you grant the Windows group access?

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/


Krimblkrum
Starting Member

2 Posts

Posted - 2011-01-12 : 16:20:06
Yes. I granted the Windows group db_datareader privileges on the database. The user couldn't connect to the database so I granted db_datareader to the user's account. The user could then connect. I revoked privileges to the user's account (relying on the group authority) and the user was still able to connect.

So it would seem that granting authority to a Windows group does not allow a user to connect unless the user's account was temporarily given authority to connect. I know it doesn't make sense, so that's why I've posted this thread.

tkizer
Almighty SQL Goddess

38200 Posts

Posted - 2011-01-12 : 16:23:21
I think that you likely just encountered a glitch. We use Windows groups for all data access for internal folks. We do not add individual accounts.

If it happens again, have the user log out of their desktop and back in. Sometimes if a change was made while that person was logged in, it can mess up the current security context. This is especially true if a password was modified.

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/
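
The group-based setup described in this thread, followed by checks that show which path a Windows account actually gets its access through. This is an added example, not posted by either participant; `CONTOSO\SalesReaders`, `CONTOSO\jdoe` and `SalesDb` are placeholder names.

```sql
-- Placeholder names (assumptions): CONTOSO\SalesReaders, CONTOSO\jdoe, SalesDb.

-- 1. Setup as described in the first post: a login for the Windows group,
--    a user for it in the database, and membership in db_datareader.
USE master;
CREATE LOGIN [CONTOSO\SalesReaders] FROM WINDOWS;
GO
USE SalesDb;
CREATE USER [CONTOSO\SalesReaders] FOR LOGIN [CONTOSO\SalesReaders];
EXEC sp_addrolemember N'db_datareader', N'CONTOSO\SalesReaders';
GO

-- 2. Run as an administrator: list the paths through which the account
--    reaches the server. The "permission path" column names the group
--    login that grants the access.
EXEC master.dbo.xp_logininfo @acctname = N'CONTOSO\jdoe', @option = 'all';
GO

-- 3. Run in the affected user's own session: the Windows groups present in
--    the login token SQL Server received for this connection. If the group
--    from step 1 is missing here, the user's Windows security context
--    predates the group change and a fresh Windows logon is needed.
SELECT name, type, usage
FROM sys.login_token
WHERE type = 'WINDOWS GROUP';

-- 4. Same session: 1 means the current login can enter the database.
SELECT HAS_DBACCESS(N'SalesDb') AS can_connect;

-- 5. Run as an administrator: confirm that no individual login or database
--    user is left behind, so access really depends on the group alone.
SELECT name, type_desc
FROM sys.server_principals
WHERE name = N'CONTOSO\jdoe';

SELECT name, type_desc
FROM SalesDb.sys.database_principals
WHERE name = N'CONTOSO\jdoe';
```

Steps 2 and 3 can disagree: `xp_logininfo` looks the account up in the directory, while `sys.login_token` shows only what was in the token presented at connection time.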
