Solved

SQL 2012, Login and user mapping

Posted on 2014-11-10
4
294 Views
Last Modified: 2014-11-10
I'm trying to figure how SQL Logins and user mapping work. I watched a couple videos have basic concepts of how SQL login and security works.

Step 1.
I created two AD accounts, admin1 and admin2.
I gave both accounts with 'public' and 'sys_admin' under Security/User properties/Server Role.

Step 2.
Now, I logged in as admin1 to the server, then created a database 'test1'
I logged in as admin2 to the server, then created a database 'test2'

Step3.
Now I checked User Mapping of both users under Security/Logins of the server, each database's dbo is mapped to the database creator( admin1 for test 1's dbo and admin2 for test2's dbo). That's fine.

Step4.
Now I login as admin2 to SQL mgmt studio and was able to do anything on both test1 and test2 databases. Why? I don't give any permission on admin2 to database test1, but what's the logic admin2 can do anything?
0
Comment
Question by:crcsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 50

Accepted Solution

by:
Vitor Montalvão earned 500 total points
ID: 40432955
I gave both accounts with 'public' and 'sys_admin' under Security/User properties/Server Role.
SysAdmin role it's the maximum an user can achieve in SQL Server. Means that he's the administrator and can do anything so there's no need to explicitly give him permission since it already have all permissions he can have.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 40432959
So, if I give sys_admin role to any account, user mapping and securables seem not useful to touch?
0
 
LVL 50

Assisted Solution

by:Vitor Montalvão
Vitor Montalvão earned 500 total points
ID: 40433005
Yes. Usually only a DBA has SysAdmin role.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Via a live example, show how to setup several different housekeeping processes for a SQL Server.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question