Home
Join
check
  • That will get them logged on to the server, but then for any given databases they actually need access to you need to look at the user login on the database(s) specifically, they will need to be members of a relevant role (like datareaders) and they or the role will need explicit permissions on any objects within the database they need to execute, such as sprocs to execute or tables they need alter permissions on, etc...  also doesn't hurt to declare what default database they are logging onto if it's other than master, which is where it will log them into by default, I believe.

    So it's a two-step process, the login on the server is good, now you probably just need to provision the logged in user on the databases.

    Spice (1) flagReport
    1 found this helpful thumb_up thumb_down
  • View Best Answer in replies below

    2 Replies

    • Here is a similar problem where SQL is not able to verify the members of an AD group:

      https://dba.stackexchange.com/questions/163742/cannot-login-to-sql-server-as-a-member-of-ad-group

      Check that SQL can actually read the group information (using name of group as 'DBAdmin', enter your correct AD domain):

      xp_logininfo 'MYDOMAIN\DBAdmin', 'members'

      Also check that the AD group is set as a 'Security' group.

      There are several other things to check in the provided link above.

      Was this post helpful? thumb_up thumb_down
    • That will get them logged on to the server, but then for any given databases they actually need access to you need to look at the user login on the database(s) specifically, they will need to be members of a relevant role (like datareaders) and they or the role will need explicit permissions on any objects within the database they need to execute, such as sprocs to execute or tables they need alter permissions on, etc...  also doesn't hurt to declare what default database they are logging onto if it's other than master, which is where it will log them into by default, I believe.

      So it's a two-step process, the login on the server is good, now you probably just need to provision the logged in user on the databases.

      Spice (1) flagReport
      1 found this helpful thumb_up thumb_down

    Read these next...