Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 SQL Server 2008 Forums
 SQL Server Administration (2008)
 using AD group to grant permissions question

Author  Topic 

merrittr
Starting Member

10 Posts
Posted - 2013-11-22 : 11:17:44
I have 2 users in sql 2008 r2 one can select from sys.sysprocess and run sp_who and see other proc ids and KILL them

(Looks like they have processadmin role but it doesnt show up???) the other can only see their process ids now both are able to access the database

due to being in the sam ad group

how do I look at their permissions if they do not have a principal ID entered in SQL just the domain group they are both in??

for instance this wont work

EXECUTE AS USER = 'DOMAIN\USERNAME'
SELECT * FROM fn_my_permissions(NULL, 'SERVER');

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2013-11-22 : 13:29:02
Could the one user be in other AD groups that have access to the SQL Server?

You can run this to see who is in each group. This works as long as the group has been added to SQL Server:

EXEC master.dbo.xp_logininfo 'DomainName\GroupName', 'members'

From my blog: http://weblogs.sqlteam.com/tarad/archive/2008/06/23/How-to-get-information-about-Windows-users-and-groups-using.aspx

Tara Kizer
SQL Server MVP since 2007
http://weblogs.sqlteam.com/tarad/
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site