I have a Windows Group setup to access a SQL server, say (SQLSUPPORT as windows group) and it's a login account to a SQL server... I have a Windows user, DOMAIN\memberA (as member of the group SQLSUPPORT), and it also has a specific login access account to a SQL server but no database user access...
SQLSUPPORT has db_datareader and db_datawriter permissions to DATABASEa but not DOMAIN\memberA... DOMAIN\memberA does not have specific access to DATABASEa...
I get the error message that DOMAIN\memberA does not have permissions to the database.
How can this be? Why can't the user account that's a member of a group have access to the database when the group has been granted db_datareader and db_datawriter permissions?
BUT, does domain\SQLSupport have permission to access the database?|||
Yes, SQLSUPPORT has db_datareader and db_datawriter permissions to DATABASEa but not DOMAIN\memberA... DOMAIN\memberA does not have specific access to DATABASEa...
|||
Permissions are cummulative with deny taking precedence. So my first guess it that memberA is impacted by a deny somewhere. Don't just look at the one group - make sure to look at all groups and roles as well as individual permissions and denies for that user account.
-Sue
sql
