sql server login best practice questions

  • Thread starter AkAlan via AccessMonster.com
  • Start date
A

AkAlan via AccessMonster.com

I have several sql server databases that I have inherited and there are some
differences in how users access the server from how I had always done things
before. I had always had each user have a seperate login account and then
assign them to groups on the sql server. The way things are on my inherited
server is there are no individual logins rather the logins are Windows Active
Directory groups. Permissions are then based on those users. It really seems
like a slick way to do things, reducing a lot of time spent on redundancy but
is this going to give me any problems down the road? Is this a standard way
of doing things on networks that windows authenticate? Any thoughts on the
matter would be appreciated.
 
P

Paul Shapiro

Yes, that works well. You can let the appropriate person(s) manage the AD
group membership, and you just have to manage the SQL permissions by group.
I don't know if it's still true, but a few years back MS recommended
creating local groups on the SQL Server machine, whose membership would be
defined as the matching AD group. SQL permissions would be specified in
terms of the local group. The only advantage I see to that is you can easily
move it to another site and re-establish the local groups. It gives you one
more level of indirection.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Outlook Desktop (latest) stopped syncing IMAP accpounts from selfowned Mail server. 0
ODBC error 100 when accessing Bookkeeper version 15 software (accounting software using Access dbase) 0
Login 3
Login to SQL Server 1
Connect to SQL Server from A2k 4
Remote NT Login not working 5
SQL Server Login 1
Prevent access to Old Project Server 2

Top