Friday, February 24, 2012

Add domain user?

Hi,
By default, when add a domain user in the Domain Controller, is it this new
user can access the sql data?
public role only? Thanks...By default, a new AD user will have no access to a specific SQL Server
unless they are added to a windows group that has access to SQL Server or
their domain account is explicitly added as a login.
HTH
Jasper Smith (SQL Server MVP)
I support PASS - the definitive, global
community for SQL Server professionals -
http://www.sqlpass.org
"js" <js@.someone@.hotmail.com> wrote in message
news:uB%23HnU3MEHA.3712@.TK2MSFTNGP10.phx.gbl...
> Hi,
> By default, when add a domain user in the Domain Controller, is it this
new
> user can access the sql data?
> public role only? Thanks...
>|||Thanks Jasper.
Another question about this one: if a particular role of which the user is a
member has been denied a specific object permission (such as SELECT), the
user is unable to exercise that permission. The most restrictive permission
(DENY) takes precedence.
What will happen in this case: MYDN\Test is belonging to local administrator
group and System Admin Server Role. And I set "db_denydatawriter" to this
user in Northwind database. Can this user exec the "Updte ." statement in
Northwind's table?
Please advice...
"Jasper Smith" <jasper_smith9@.hotmail.com> wrote in message
news:OSzDVD5MEHA.2592@.tk2msftngp13.phx.gbl...
> By default, a new AD user will have no access to a specific SQL Server
> unless they are added to a windows group that has access to SQL Server or
> their domain account is explicitly added as a login.
> --
> HTH
> Jasper Smith (SQL Server MVP)
> I support PASS - the definitive, global
> community for SQL Server professionals -
> http://www.sqlpass.org
>
> "js" <js@.someone@.hotmail.com> wrote in message
> news:uB%23HnU3MEHA.3712@.TK2MSFTNGP10.phx.gbl...
> new
>|||SA will overrule. The user will be SA.
Jeff Duncan
MCDBA, MCSE+I
"js" <js@.someone@.hotmail.com> wrote in message
news:edWLIh5MEHA.1644@.TK2MSFTNGP09.phx.gbl...
> Thanks Jasper.
> Another question about this one: if a particular role of which the user is
> a
> member has been denied a specific object permission (such as SELECT), the
> user is unable to exercise that permission. The most restrictive
> permission
> (DENY) takes precedence.
> What will happen in this case: MYDN\Test is belonging to local
> administrator
> group and System Admin Server Role. And I set "db_denydatawriter" to this
> user in Northwind database. Can this user exec the "Updte ." statement in
> Northwind's table?
>
> Please advice...
>
> "Jasper Smith" <jasper_smith9@.hotmail.com> wrote in message
> news:OSzDVD5MEHA.2592@.tk2msftngp13.phx.gbl...
>|||Thanks Jeff.
How to assign denywrite to MYDN\Test have without by removing it from local
administrator?
If I take out the db_owner from BUILTIN\Administrators will cause any
problem'
"Jeff Duncan" <jduncan@.gtefcu.org> wrote in message
news:eq5wXr5MEHA.3208@.TK2MSFTNGP10.phx.gbl...
> SA will overrule. The user will be SA.
> --
> Jeff Duncan
> MCDBA, MCSE+I
> "js" <js@.someone@.hotmail.com> wrote in message
> news:edWLIh5MEHA.1644@.TK2MSFTNGP09.phx.gbl...
is[vbcol=seagreen]
the[vbcol=seagreen]
this[vbcol=seagreen]
in[vbcol=seagreen]
or[vbcol=seagreen]
>|||Go through it first with a fine tooth comb. Make sure the ID that is
running SQL has access by itself and not in a group. Make sure that the
proper Local Admins have direct access accounts and then remove it. Make
yourself a standard login first just for safe keeping if you are in mixed
mode. You should be fine.
Jeff Duncan
MCDBA, MCSE+I
"js" <js@.someone@.hotmail.com> wrote in message
news:O86FNw5MEHA.3472@.TK2MSFTNGP10.phx.gbl...
> Thanks Jeff.
> How to assign denywrite to MYDN\Test have without by removing it from
> local
> administrator?
> If I take out the db_owner from BUILTIN\Administrators will cause any
> problem'
>
>
> "Jeff Duncan" <jduncan@.gtefcu.org> wrote in message
> news:eq5wXr5MEHA.3208@.TK2MSFTNGP10.phx.gbl...
> is
> the
> this
> in
> or
>

No comments:

Post a Comment