locked
Create a User With Entire Privileges on a Domain RRS feed

  • Question

  • Hi guys,

    While me and my colleague are working in the same bank when I add him by search on the same domain, or he does the same, we don't find any access on each other's SQL Servers like (MachineName\InstanceName)?

    Any specific reason? How to create multiple users of an SQL Server Engine installed on a machine on a domain, with entire rights and privileges?

    Thanks in advance.

    • Moved by Tom Phillips Tuesday, September 20, 2016 1:55 PM Security question
    Tuesday, September 20, 2016 12:51 PM

Answers

  • Your question is not very clear. If he can't find your instance, what does it matter which permissions he has on the instance?

    Since I know nothing about the network at your bank, I can't say why you cannot access your respective instances, but firewall seems like a good bet.

    Tuesday, September 20, 2016 1:21 PM
  • That's True - the information what you are asking unclear at all.

    it would be a great if you explain some more information so that you will be get benfit on this.

    because you are saying searching you/coleauge in the same domain unable to identify then you are saying that dont find any access on each sql- it is quite confusing.

    understand - if your id is created at the domain level & incase if you need accesses in the sql- you should be created in the sql level either individual (or) you guys in the separate group so that group should be add in the sql server then you can grant what permission requires. but get  more informations.


    Regards, S_NO "_"

    Tuesday, September 20, 2016 2:29 PM
  • If you "should" (not this depends on access management rules from the bank security team) have access to each other's SQL Server instance and you are both performing the same role then you should be added as members of the same Domain Security Group in AD and that group should then be added to SQL Server as a login and granted the appropriate permissions within SQL Server.

    If you are adding security on the fly and without structure then please tell me the name of the bank so that I NEVER put any money there since they don't treat security appropriately.


    Martin Cairney SQL Server MVP

    Wednesday, September 21, 2016 1:24 AM

All replies

  • Your question is not very clear. If he can't find your instance, what does it matter which permissions he has on the instance?

    Since I know nothing about the network at your bank, I can't say why you cannot access your respective instances, but firewall seems like a good bet.

    Tuesday, September 20, 2016 1:21 PM
  • Automated access to SQL Server used to be granted by a built in principal; but as of 2008 R2 this has been discontinued as it is an obvious Security Breach.

    To grant a use access to SQL Server you need to add the login to a SQL Server Instance and then grant them the appropriate permissions within each Instance.


    Please click "Mark As Answer" if my post helped. Tony C.

    Tuesday, September 20, 2016 1:51 PM
  • That's True - the information what you are asking unclear at all.

    it would be a great if you explain some more information so that you will be get benfit on this.

    because you are saying searching you/coleauge in the same domain unable to identify then you are saying that dont find any access on each sql- it is quite confusing.

    understand - if your id is created at the domain level & incase if you need accesses in the sql- you should be created in the sql level either individual (or) you guys in the separate group so that group should be add in the sql server then you can grant what permission requires. but get  more informations.


    Regards, S_NO "_"

    Tuesday, September 20, 2016 2:29 PM
  • Hi Faraz,

    To grant access for your colleague first of all you should have permissions to allow grant privileges for other users.

    If you or your colleague have public access or read only access then you can not grant access.

    please read the link to know more about server and database roles.

    https://msdn.microsoft.com/en-us/library/bb669065(v=vs.110).aspx

    good luck

    Kumar

    Tuesday, September 20, 2016 11:59 PM
  • If you "should" (not this depends on access management rules from the bank security team) have access to each other's SQL Server instance and you are both performing the same role then you should be added as members of the same Domain Security Group in AD and that group should then be added to SQL Server as a login and granted the appropriate permissions within SQL Server.

    If you are adding security on the fly and without structure then please tell me the name of the bank so that I NEVER put any money there since they don't treat security appropriately.


    Martin Cairney SQL Server MVP

    Wednesday, September 21, 2016 1:24 AM