Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 804
  • Last Modified:

What does the SQL Server Login property "through group membership" mean/how this it work?

When Iooking at "Security", "Logins" in Enterprise manager there are some accounts with Server Access configured as "Via group membership". If looking at the properties of this user there is an option under 'Authentication' which indeed states: "Through group membership".

What does option mean? Which groups is this setting referring to? How do I configure this/where is the current group membership arranged? Googling for this option did not give me the wanted information and/or explaination. Any info on this setting is welcome, the more the better!
0
Erik Nettekoven
Asked:
Erik Nettekoven
  • 4
  • 3
1 Solution
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
This appears when:

* you created a login based on a windows group in the logins
* then, you granted a windows account (which is member of that group) some permissions in a database
  -> this second option will create the login implicitely, with that option.
0
 
Erik NettekovenTechnical ConsultantAuthor Commented:
Angellll thank you for your quick (!!) comment. It is making a little more sense already, but I don't get the complete picture yet.

I have researched the particular user account, but I seem to be unable to find the group this account is member of. In the AD the account is only member of two groups; "Domain Users" and SPS-USERS-FR. But none of these groups are defined in the Logins.

When looking at the account properties in Enterprise manager on the 'Server Roles' tab 'Bulk Insert Administrators' is selected but on the Database Access tab there are no databases selected.

How do the two things above relate to 'through group membership' option?
Or is this account misconfigured or something?
0
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
is that account in the local admin group of the sql server box?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Erik NettekovenTechnical ConsultantAuthor Commented:
No, the account is only member of the AD groups I mentioned earlier. The SQL server is installed on a Windows 2000 domain controller. The account is not member of any of the Built In groups

We are in the middle of a migration where these roles will be seperated, that's how I came across these accounts.
0
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
strange... but maybe the login was in some other group when it was added to the sql logins?
0
 
Erik NettekovenTechnical ConsultantAuthor Commented:
Does this mean that the account has become obsolete? Is there a way to check if this account still has access to a DB (apart from checking the properties of the account in Enterprise Manager)
0
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
if the login is not defined directly or indirectly (via a sql login based on windows group), it is indeed obsolete.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now