I want to grant only a login who is under an active directory user group to view server state in sql server. How can i do it?
Asked
Active
Viewed 32 times
0
-
You add the group as a login and assign permissions to the login. – David Browne - Microsoft Apr 01 '21 at 20:26
-
Yeah. There is a AD login in my sql server. And, there are several people under that AD group. I manage the privileges only over AD groups and now, i just want to grant only a specific person under an AD group to view the server state. I want to try to learn if this is possible or not for just a specific person. @DavidBrowne-Microsoft – DBA Apr 01 '21 at 20:31
-
1That person would need an individual login. – David Browne - Microsoft Apr 01 '21 at 20:46
-
As David mentioned, you would need to add a Login in your SQL Server for the individual person's AD account, and then you can assign permissions on that Login just the same as if you were doing it to a Login for an AD Group. Keep in mind the permissions are cumulative, but deny first. So if the Login of the AD Group has permissions to read from a specific database then the Login of an AD account in that AD Group will also be able to implicitly read from that same database without you having to provide that permission to that Login. Conversely if you explicitly... – J.D. Apr 01 '21 at 21:16
-
...denied the Login of the AD Group from reading from a database but granted that permission to the Login of an AD account, that AD account would still be implicitly denied from reading from that database. – J.D. Apr 01 '21 at 21:21