Author |
Topic |
leoc50
Yak Posting Veteran
54 Posts |
Posted - 2014-10-15 : 16:57:23
|
I have a user that has the same permissions and login access across different environments (Dev, Test, Stg & Prod, he's able to see the objects in all of then except in the Prod instance or environment. Hi team mates are configured the same and they can see the object in all environments. I've checked and double checked his config. and even followed some suggestions from the web yet I can't find the difference on his 'Prod' environment...Can anyone offer a different clue as to why this behavior?Thanks,lec- lec |
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2014-10-15 : 17:01:45
|
Is he perhaps in a group that revokes access? Revoke wins over grant. Is it a Windows account or SQL account?Tara KizerSQL Server MVP since 2007http://weblogs.sqlteam.com/tarad/ |
|
|
leoc50
Yak Posting Veteran
54 Posts |
Posted - 2014-10-15 : 17:03:25
|
Hi Tara,It is a windows account (AD)- lec |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2014-10-15 : 17:08:52
|
Run this to see which groups the user is in and then investigate permissions in each of those groups:EXEC master.dbo.xp_logininfo 'DomainName\UserName'Tara KizerSQL Server MVP since 2007http://weblogs.sqlteam.com/tarad/ |
|
|
leoc50
Yak Posting Veteran
54 Posts |
Posted - 2014-10-15 : 17:21:20
|
Thanks for that, however I get:Msg 15404, Level 16, State 19, Procedure xp_logininfo, Line 62Could not obtain information about Windows NT group/userfor any user...These SQL servers are on a different Domain that the AD accounts. but even a good working account with me the same msg.- lec |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2014-10-15 : 17:24:41
|
Are the accounts listed in Security\Logins in SSMS? Or just groups? If just groups, please add the account as a login just so that you can run that command. After getting the output, you can then remove the account from logins.Tara KizerSQL Server MVP since 2007http://weblogs.sqlteam.com/tarad/ |
|
|
leoc50
Yak Posting Veteran
54 Posts |
Posted - 2014-10-15 : 17:39:31
|
The accounts were in Security/Logins but I just neglected to check at the database level...so now he has tables and views, still missing sprocs!- lec |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2014-10-15 : 17:52:16
|
Oh I thought you had determined the access was the same. If stored procs are missing, then you'll need to compare the access for each stored proc. This is why it's recommended to use groups so that you can just add accounts to a group and the group has the permissions.Tara KizerSQL Server MVP since 2007http://weblogs.sqlteam.com/tarad/ |
|
|
leoc50
Yak Posting Veteran
54 Posts |
Posted - 2014-10-15 : 17:57:16
|
Yeah, that's what I know from Oracle; I'll look into changing these 'different' permissions in the near future.Thanks Tara!- lec |
|
|
|