Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
wrentham
Starting Member
1 Post |
 Posted - 2012-10-15 : 06:46:20
|
| Hi,I have an issue where some users are able to access tables that you they shouldn't. I checked their Active Directory Group membership and confirmed that they belong to two groups that don't have permission to these tables. I then ran "EXEC sp_validatelogins" and I found a Group that appears to have been deleted from AD but still exists within SQL Logins and also in SQL Users. This group has db_owner permissions and the users did belong to the group before it was deleted. Even if this group was deleted from AD does the db_owner permission still apply for these users? Can I ran a query that would confirm this?thanks. |
|
|
jackv
Master Smack Fu Yak Hacker
2179 Posts |
Posted - 2012-10-16 : 01:54:44
|
| For the user to have access - the AD group would have still be valid - as it needs to resolve against the AIs it possible they are accesing via some other path?Have you checked which groups these users are members of in the AD itself? Then cross - reference against SQL Server Logins?Jack Vamvas--------------------http://www.sqlserver-dba.com |
 |
|
|
|
|
|
Deleted Active Directory Group