Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 209
  • Last Modified:

Access in sql

I need to give db_owner access to one person present in the AD group which has db_reader access in sql server.Is this is possible?

And I need to deny access to one person in the ad group which has db_owner access.
0
VIVEKANANDHAN_PERIASAMY
Asked:
VIVEKANANDHAN_PERIASAMY
  • 3
  • 3
  • 2
1 Solution
 
Matt BowlerDB team leadCommented:
Not within SQL Server unfortunately. SQL Server can determine whether a user is a member of the group or not - but all permissions/privileges are mapped at a SQL Server login and user level. So if you're using a group as a SQL Server login then it's all or nothing I'm afraid.

You'll need to break open the group at an AD level.
0
 
Racim BOUDJAKDJIDatabase Architect - Dba - Data ScientistCommented:
Why don't you simply create an group for OWNERS and a group for READERS and map them to two separate logins.  Then you can simply put whoever you want anywhere you want depending on what credentials you want to assign.
0
 
VIVEKANANDHAN_PERIASAMYAuthor Commented:
No experts, When i did my SQL admin certification, somewhere i remeber it's possible.But not sure.
Atleast i beleieve we can restrict the access.

>>And I need to deny access to one person in the ad group which has db_owner access<<
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Racim BOUDJAKDJIDatabase Architect - Dba - Data ScientistCommented:
No experts, When i did my SQL admin certification, somewhere i remeber it's possible.But not sure.
Atleast i beleieve we can restrict the access.

Perhaps but that would be a security hack.  

I advise you to do as MattSQL and I suggested to map credential to groups by breaking them down into OWNERS and READERS then assign users to them in an additive way.  The only thing left to do then is to add users to either of these groups based on the level of credential you want to give them: it will be much easier to update than your current policy scheme.

Hope this helps.
0
 
VIVEKANANDHAN_PERIASAMYAuthor Commented:
Hello Racimo,

I knew about the alter method.Just eager to know if there is way to do it.
0
 
Matt BowlerDB team leadCommented:
I had a client who required the same sort of security setup and I spent some time investigating and testing various options. Basically the granularity of SQL Security principals stops at SQL users. If you want to configure separate permission levels - you need separate users/logins.
0
 
VIVEKANANDHAN_PERIASAMYAuthor Commented:
Need some more tim to investigate
0
 
Matt BowlerDB team leadCommented:
Has this been resolved?
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now