Thursday, March 22, 2012

detecting group of logins

Hello there
I have some applications that talks with sql server.
On some of them i have problem of access denied.
In all of them they are use windows authentication.
and on sql server there are many logins. Is there a way to know when user is
entered from which login he used to access inside? and in case of failure is
there a way to know what login the user tried to access?Roy,
I am afraid I do not fully understand your problem, but let me try.
From your title, I guess that your users are using their domain logins
(mydomain\mylogin) to login to the serve, but that you are not granting
database rights to individual logins, but to domain groups
(mydomain\mySQLgroup1, etc).
Is that correct?
If so, each individual when he logs in, he is authenticated as himself
(mydomain\mylogin), but he inherits the rights granted to all group logins
(mydomain\mySQLgroup1, etc) of which his login is a member. So, he is not
running as one of those group logins at all, but always runs as his personal
login.
To determine how the personal login gets (or fails to get) rights to an
object you will have to examine the rights granted to the group logins of
which he is a member. You can then use sp_helprotect to examine rights
within a database and sp_helplogins to determine what database roles a login
(either personal or group) has been granted.
A subtle way that a login will fail is when it is a member of a group login
that has a default database definition that the group does not actually have
rights to. Then the attempt to login can fail trying to access the default
database at login time. (If a login is a member of many group logins and
those group logins have different default databases, then you cannot predict
which default database will be applied at login time.)
If the default database problem is what is affecting you, then change that
definition.
RLF
"Roy Goldhammer" <roy@.hotmail.com> wrote in message
news:OE$fRG4eHHA.4364@.TK2MSFTNGP06.phx.gbl...
> Hello there
> I have some applications that talks with sql server.
> On some of them i have problem of access denied.
> In all of them they are use windows authentication.
> and on sql server there are many logins. Is there a way to know when user
> is entered from which login he used to access inside? and in case of
> failure is there a way to know what login the user tried to access?
>
Posted by impe at 10:20 PM
Labels: , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)