What does the SQL Server Login property "through group membership" mean/how this it work?
When Iooking at "Security", "Logins" in Enterprise manager there are some accounts with Server Access configured as "Via group membership". If looking at the properties of this user there is an option under 'Authentication' which indeed states: "Through group membership".
What does option mean? Which groups is this setting referring to? How do I configure this/where is the current group membership arranged? Googling for this option did not give me the wanted information and/or explaination. Any info on this setting is welcome, the more the better!
What does option mean? Which groups is this setting referring to? How do I configure this/where is the current group membership arranged? Googling for this option did not give me the wanted information and/or explaination. Any info on this setting is welcome, the more the better!
ASKER CERTIFIED SOLUTION
![Avatar of Guy Hengel [angelIII / a3]](https://filedb.experts-exchange.com/files/public/2013/11/25/ddbe0ea6-aa6e-4279-b781-57b735dd3ea0.jpeg){kind=small}
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
is that account in the local admin group of the sql server box?
ASKER
No, the account is only member of the AD groups I mentioned earlier. The SQL server is installed on a Windows 2000 domain controller. The account is not member of any of the Built In groups
We are in the middle of a migration where these roles will be seperated, that's how I came across these accounts.
We are in the middle of a migration where these roles will be seperated, that's how I came across these accounts.
strange... but maybe the login was in some other group when it was added to the sql logins?
ASKER
Does this mean that the account has become obsolete? Is there a way to check if this account still has access to a DB (apart from checking the properties of the account in Enterprise Manager)
if the login is not defined directly or indirectly (via a sql login based on windows group), it is indeed obsolete.
ASKER
I have researched the particular user account, but I seem to be unable to find the group this account is member of. In the AD the account is only member of two groups; "Domain Users" and SPS-USERS-FR. But none of these groups are defined in the Logins.
When looking at the account properties in Enterprise manager on the 'Server Roles' tab 'Bulk Insert Administrators' is selected but on the Database Access tab there are no databases selected.
How do the two things above relate to 'through group membership' option?
Or is this account misconfigured or something?