By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,521 Members | 1,248 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,521 IT Pros & Developers. It's quick & easy.

SQL Server 2008 - Security Help

100+
P: 228
I need to allow users belonging to a specific group in their machine to be able to access a specific DB. I added one group in the server [server name is ACCOUNTINGSERVER] and so the following group was added to the logins in the server: ACCOUNTINGSERVER\INDBUSERS

But only administrator, who i made part of the group also access it. But admin's from other systems cant login at all.

What am I missing please? I have created the same groups in client machines as well but nothing works.

Any idea?
Feb 9 '13 #1
Share this Question
Share on Google+
5 Replies


Rabbit
Expert Mod 10K+
P: 12,430
You mean you're creating the indbusers group on the client machines? That won't work, that group is on the server. You need to add the users to the group on the server. Not replicate the groups on the client machines. I'm guessing you guys are on a domain server?
Feb 10 '13 #2

100+
P: 228
No, that's the problem. There is no domain at all. Just the default workgroup in the client machines. But all client computers have a local windows group called "INDBUSERS" to which usernames are added. The IT unit manages user names and local groups in the machines and members of the group have very limited power. What I need now, given the scenario, to let members of the group connect to the database. I hope you are following me.
Feb 10 '13 #3

Rabbit
Expert Mod 10K+
P: 12,430
Well, if you don't have a domain, you will still need to add the users to the group on the server, not the other way around. Either that or create SQL Server logins instead.
Feb 10 '13 #4

100+
P: 228
So basically, i have to say:

PC1\USERGROUP
PC2\USERGROUP

ETC?
Feb 11 '13 #5

NeoPa
Expert Mod 15k+
P: 31,768
No. I don't believe you understand what is being said.

The SQL Server machine has Groups that are being used for security within SQL Server. Specifically ACCOUNTINGSERVER\INDBUSERS. This Security Group, on this particular server, needs each of the users added to it individually for this to work. Each user account added must be the exact one from the machine they are running from. This means that if users move from one PC to another, and/or all users accounts are set up on all PCs, then you have to set them up for each PC they may need to use.

Clearly this is a horrible mess, but SQL Server was never designed to run as a Domain without a Domain.

If users are all members of Groups on the PCs then these Groups may themselves be added instead. This will only work if they are Local Groups on the PCs though.
Feb 11 '13 #6

Post your reply

Sign in to post your reply or Sign up for a free account.