What does the SQL Server Login property "through group membership" mean/how this it work?

When Iooking at "Security", "Logins" in Enterprise manager there are some accounts with Server Access configured as "Via group membership". If looking at the properties of this user there is an option under 'Authentication' which indeed states: "Through group membership".

What does option mean? Which groups is this setting referring to? How do I configure this/where is the current group membership arranged? Googling for this option did not give me the wanted information and/or explaination. Any info on this setting is welcome, the more the better!
LVL 1
Erik NettekovenTechnical ConsultantAsked:
Who is Participating?
 
Guy Hengel [angelIII / a3]Connect With a Mentor Billing EngineerCommented:
This appears when:

* you created a login based on a windows group in the logins
* then, you granted a windows account (which is member of that group) some permissions in a database
  -> this second option will create the login implicitely, with that option.
0
 
Erik NettekovenTechnical ConsultantAuthor Commented:
Angellll thank you for your quick (!!) comment. It is making a little more sense already, but I don't get the complete picture yet.

I have researched the particular user account, but I seem to be unable to find the group this account is member of. In the AD the account is only member of two groups; "Domain Users" and SPS-USERS-FR. But none of these groups are defined in the Logins.

When looking at the account properties in Enterprise manager on the 'Server Roles' tab 'Bulk Insert Administrators' is selected but on the Database Access tab there are no databases selected.

How do the two things above relate to 'through group membership' option?
Or is this account misconfigured or something?
0
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
is that account in the local admin group of the sql server box?
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
Erik NettekovenTechnical ConsultantAuthor Commented:
No, the account is only member of the AD groups I mentioned earlier. The SQL server is installed on a Windows 2000 domain controller. The account is not member of any of the Built In groups

We are in the middle of a migration where these roles will be seperated, that's how I came across these accounts.
0
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
strange... but maybe the login was in some other group when it was added to the sql logins?
0
 
Erik NettekovenTechnical ConsultantAuthor Commented:
Does this mean that the account has become obsolete? Is there a way to check if this account still has access to a DB (apart from checking the properties of the account in Enterprise Manager)
0
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
if the login is not defined directly or indirectly (via a sql login based on windows group), it is indeed obsolete.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.