May 29, 2008 at 4:46 am
Steps which I followed to restrict a group (windows authentication) accessing a database:
1. Created a group for Windows authentication (Administrative tools-> computer management-> add groups (searched in the local network and added 3 users including mine))
2. In SSMS, I connected using ‘sa’ login
a. opened Security Folder
b. -> Right clicked Login (Created a new login for the group created )
c. -> Right clicked the new login -> User mapping-> Restricted access for a single database as denydatawriter
When I login using windows authentication, am unable to edit any tables as expected, whereas the other user are able to access the tables and modify.
Note: Sql server 2005 server is local machine of mine
Please let me know if the steps above are right?
May 29, 2008 at 6:01 am
To validate this, you can try adding an user explicitly to that login for which access is denied. And, ask the user to test. If it works, (i.e. the user is not able to access) then you have to figure out if the windows group has been created correctly or not.
One basic question - the other users are trying to login using windows authentication, right?
Also, make sure none of them is part of another login for which there is no restriction.
Regards,
Vijay.
Warm Regards,
Neel aka Vijay.
May 29, 2008 at 6:17 am
Yes they are using windows authentication only.
May 30, 2008 at 1:41 am
ok. did you try the options I said?
Warm Regards,
Neel aka Vijay.
May 31, 2008 at 2:39 pm
Are they coming in with accounts that are in some way members of the sysadmin fixed server role? Either directly, or through a group, this is possible. For instance, BUILTIN\administrators is, by default, a member of the sysadmin fixed server role. If they are local administrators on the server, then that would be one way they map in.
K. Brian Kelley
@kbriankelley
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply