Solved

SQL 2012, Login and user mapping

Posted on 2014-11-10
4
292 Views
Last Modified: 2014-11-10
I'm trying to figure how SQL Logins and user mapping work. I watched a couple videos have basic concepts of how SQL login and security works.

Step 1.
I created two AD accounts, admin1 and admin2.
I gave both accounts with 'public' and 'sys_admin' under Security/User properties/Server Role.

Step 2.
Now, I logged in as admin1 to the server, then created a database 'test1'
I logged in as admin2 to the server, then created a database 'test2'

Step3.
Now I checked User Mapping of both users under Security/Logins of the server, each database's dbo is mapped to the database creator( admin1 for test 1's dbo and admin2 for test2's dbo). That's fine.

Step4.
Now I login as admin2 to SQL mgmt studio and was able to do anything on both test1 and test2 databases. Why? I don't give any permission on admin2 to database test1, but what's the logic admin2 can do anything?
0
Comment
Question by:crcsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 49

Accepted Solution

by:
Vitor Montalvão earned 500 total points
ID: 40432955
I gave both accounts with 'public' and 'sys_admin' under Security/User properties/Server Role.
SysAdmin role it's the maximum an user can achieve in SQL Server. Means that he's the administrator and can do anything so there's no need to explicitly give him permission since it already have all permissions he can have.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 40432959
So, if I give sys_admin role to any account, user mapping and securables seem not useful to touch?
0
 
LVL 49

Assisted Solution

by:Vitor Montalvão
Vitor Montalvão earned 500 total points
ID: 40433005
Yes. Usually only a DBA has SysAdmin role.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows gives you an overview on SQL Server 2016 row level security. You will also get to know the usages of row-level-security and how it works
In-place Upgrading Dirsync to Azure AD Connect
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question