The Books Online indicates that if a 'database user' that is actually repres
ents a NT security group creates a new database etc,
then SQL will automatically create a new 'database user' that is specificall
y signed on user.
I know from experience that the individual user, not the group, becomes the
owner of the newly created database.
Questions are
1) - What privileges and roles etc are associated with the new user.
2) - What is the login that this new user is tied to. Is it still the group
or does a login for the individual get created also.
3) - If a group that contains an individual that also has a 'database user'
record and the individual have conflicting 'database
user' setups (roles, privileges etc) which one wins. (Least restrictive, mo
st restrictive, group, individual, union, intersection
or something else)
Thanks
---
Roy Chastain
KMSystems, Inc.1. In terms of the database, the user creating the database
will be the owner of the database so they would be a member
of db_owner and mapped to dbo for the database.
2. I'm not sure what you are asking on this - the user is
always tied to their login even when they are members of
groups/roles. If the user creates a database, they will be
mapped to dbo in that database.
3. Permissions are cumulative with deny taking precedence.
The only exception would be a login that is a member of the
sysadmin server role. Sysadmins can perform any activity on
the server.
-Sue
On Mon, 21 Jun 2004 14:07:34 -0400, Roy Chastain
<roy@.kmsys.com> wrote:
>The Books Online indicates that if a 'database user' that is actually repre
sents a NT security group creates a new database etc,
>then SQL will automatically create a new 'database user' that is specifical
ly signed on user.
>I know from experience that the individual user, not the group, becomes the
owner of the newly created database.
>Questions are
>1) - What privileges and roles etc are associated with the new user.
>2) - What is the login that this new user is tied to. Is it still the grou
p or does a login for the individual get created also.
>3) - If a group that contains an individual that also has a 'database user'
record and the individual have conflicting 'database
>user' setups (roles, privileges etc) which one wins. (Least restrictive, m
ost restrictive, group, individual, union, intersection
>or something else)
>Thanks
>---
>Roy Chastain
>KMSystems, Inc.sql
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment