RE: security problems with AD and SQL Server 2000

Hi Brian,

After carefully reading this thread, I believe it is SQL server permission
configuration issue. Please post this question to
Microsoft.public.sqlserver newsgroup so that you can gain the experience
from MVP and other partners.

Thank you for your understanding!

Best Regards,

Rebecca Chen

MCSE, MCDBA
Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================

Business-Critical Phone Support (BCPS) provides you with technical phone
support at no charge during critical LAN outages or "business down"
situations. This benefit is available 24 hours a day, 7 days a week to all
Microsoft technology partners in the United States and Canada.

This and other support options are available here:

BCPS:
https://partner.microsoft.com/US/technicalsupport/supportoverview/40010469

Others: https://partner.microsoft.com/US/technicalsupport/supportoverview/

If you are outside the United States, please visit our International
Support page: http://support.microsoft.com/common/international.aspx

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
>From: "Brian Henry" <nospam@xxxxxxxxxx>
>Subject: security problems with AD and SQL Server 2000
>Date: Tue, 16 Aug 2005 15:53:44 -0400
>Lines: 37
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
>X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
>X-RFC2646: Format=Flowed; Original
>Message-ID: <ugC52wpoFHA.2180@xxxxxxxxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.active_directory
>NNTP-Posting-Host: reschini.011.stargate.net 209.114.179.11
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.active_directory:35093
>X-Tomcat-NG: microsoft.public.windows.server.active_directory
>
>In our domain, we have an AD backend for maintaining users and groups and
>OU's... we have our main OU which is the corporate one then under that we
>have servers, employees, and disabled users so our AD tree looks like this
>
>+ Company OU
>|---- Servers
>|---- Employees
>|---- Disabled Users
>
>Now, our SQL Server is of course under the servers group (the computer
>object for it is that is), while all the users are in the employees group.
>But, we have had some problems. We have two user groups in the employees OU
>which are as follows
>
>System Users
>System Developers
>
>developers of course are granted administration (DBO) rights to the sql
>servers, while users only are given rights to their specified role on the
>sql server. Our problem however seems to be, these groups are not
>provisioning the rights out correctly (or i just didnt set it up right,
>which is probably it).
>
>The System developers group is placed into each users section of the
>database for permitting database access to each database. Their permissions
>are set as (Public, db_owner, and our local role BENESP_SysUser). However,
>the users that are in the system developers group, when they try to access
>the databases get "access denied"... and a smiliar thing for the client
>users which are under the other user group System Users, they seem to have
>permission problems. The only solution we had to this was to manually enter
>all the AD users into the databases manually... which is a pain... does
>anyone know why this is happening and how to fix it? i'd really like to use
>AD groups to provision permissions to users and not individual user
accounts
>on SQL Server's databases. Thanks!
>
>
>
>

.

Relevant Pages

  • Re: Complete Neophyte Question(s)
    ... I have a user named james on a database. ... WITH GRANT is one of the more esotheric features in SQL Server in my ... Or does that depend on the permission? ... CREATE USER erik ...
    (microsoft.public.sqlserver.security)
  • security problems with AD and SQL Server 2000
    ... our SQL Server is of course under the servers group (the computer ... The System developers group is placed into each users section of the ... database for permitting database access to each database. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Alter Many Stored Procedures
    ... Books Online for SQL Server SP3 at ... >> What permission do I need to setup for a developer in order to change ... >> stored procedures in ABC database? ... Developer windows group is added to ...
    (microsoft.public.sqlserver.security)
  • Re: ASP page and SQL server error
    ... It's not the account, it's the priveleges that the account has with regards ... SQL Server permissions are very granular. ... while the user has permission to USE the database (in a general ...
    (microsoft.public.frontpage.programming)
  • Re: How to connect to an SQL Server 2000 Personal Edition Database
    ... You've got to give the aspnet worker process the permission to the database, add a new login from your Windows Account. ... Otherwise you've to run impersonnation or use sql authentication. ... I have created a web service that needs to access data in an SQL Server 2000 ...
    (microsoft.public.dotnet.framework.webservices)