One of the more frequent requests that a SQL Server DBA receives is to "Clone a login" with all its permissions. For example a request could be Clone BILL_BLACK's login and create a new login JACK_JOHNSON with exactly the same privileges in all databases. Clone AD group login BILLING_APP_ADMINS and create a login for new … Continue reading PowerShell/dbatools Tip – Clone a login / database user
Tag: AD Group
SQL Server: Time To Switch Schema Of All Objects Away From “dbo”
What are Schemas for? All of you are familiar with the default and built-in schema "dbo". When you create an object without a schema, "dbo" becomes the schema for the object. Generally, it is NOT considered a good practice from a manageability or security perspective to have everything owned by "dbo". The alternative is to … Continue reading SQL Server: Time To Switch Schema Of All Objects Away From “dbo”
SQL Server – Find Effective Permissions of An User At Database, Server or Object Level – The Right Way!
Permissions are complex! Permissions management is not easy. You have a lot to deal with Direct user privileges via grants Privileges to AD Group login of which user is part of User could be part of multiple AD groups which have a login on the instance Privileges granted to the role that user is in … Continue reading SQL Server – Find Effective Permissions of An User At Database, Server or Object Level – The Right Way!
Compare AD group membership of two users
Our Windows security setup is completely (well, mostly 🙂 ) AD groups based. When new employees are hired, we ask for an existing employee after whom the new employees permissions should be mirrored. In other words, if we added the new employee to the same AD groups (that are related to SQL Server of course), … Continue reading Compare AD group membership of two users