Giving a user database permissions in SQL Server Management Studio

In SQL Server Management Studio, when I right-click my database and click Properties, a window opens showing the permissions users have on the database. I have recently added a user to Active Directory with the intention of granting this user permission on my database. The problem is, in Active Directory, I see a lot of users, but in SQL Server Management Studio, I only see very few of these users. The user I just created doesn't show up either when I hit Search->Browse or when I search for the exact name. What am I doing wrong? Shouldn't SQL Server be able to connect with Active Directory to get the user list? Additionally, it seems like all of the users that are showing up are all from one group in AD...

Edit

just saying thanks all for the answers...

Summary of answers and the solution

Users need to be added to the main Security->Logins folder BEFORE they show up in a particular database's Properties->Permissions->Users listing. However, since I did not have enough permissions on SQL Server itself, when I went to the main logins folder, I could not see users (even though they were there for my colleague who had more permissions). But since I DID have enough permissions on the database, I COULD see the users there, leading to my confusion.


You need to add their Windows account to the SQL Server instance first. Go to the security folder for the instance, not the database. Add the user you want as a new login there. Once they've been added to the SQL Server instance you can assign them permissions on individual databases.


Are you referring to database users or SQL logins? A database user is based on a SQL login, which needs to be created first. When adding a SQL login you have the choice of using Windows authentication or SQL authentication. If you choose Windows authentication you can browse for a local user or group account or a domain user or group account. Once you've created the login you can then grant that login access to a database which will create the user in the database.

Users and logins don't just show up, they have to be created.


Basically what you should be doing is add the AD user as a SQL Server login (so that he will be authenticated to the server) and create a user in the database who is associated with the login and give this user a permission to do stuff (read, write, update etc.) on your database (authorization). You can achieve this using something along the lines of this:

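-- 1. Authentication: create a server-level login for the Windows account
USE [master]
GO
CREATE LOGIN [Domain\User] FROM WINDOWS WITH DEFAULT_DATABASE=[master]
GO
-- 2. Create a database user mapped to that login
USE [YourTargetDatabase]
GO
CREATE USER [Domain\User] FOR LOGIN [Domain\User]
GO
-- 3. Authorization: add the user to the read role
USE [YourTargetDatabase]
GO
EXEC sp_addrolemember N'db_datareader', N'Domain\User'
GO
-- 4. Authorization: add the user to the write role
USE [YourTargetDatabase]
GO
EXEC sp_addrolemember N'db_datawriter', N'Domain\User'
GO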

Sometimes you can see users which are not associated with any logins, due to the fact that a database taken from another server might have been restored here, or the login was deleted without removing the associated users.
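
The login/user mapping the answers describe, and the unmapped users mentioned in the last one, can be checked with a catalog query. This is an added example, not code from any of the answers; `[YourTargetDatabase]` is the placeholder name used above, and the status labels are made up for this example.

```sql
-- Added example: list each database user, the server login it maps to
-- (matched on SID), and the database roles it belongs to.
USE [YourTargetDatabase];
GO

SELECT
    dp.name       AS database_user,
    dp.type_desc  AS user_type,
    sp.name       AS server_login,
    CASE
        WHEN sp.sid IS NULL     THEN 'NO MATCHING LOGIN VISIBLE'
        WHEN sp.is_disabled = 1 THEN 'LOGIN DISABLED'
        ELSE 'OK'
    END           AS login_status,
    r.name        AS database_role      -- one row per role; NULL if none
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp
       ON sp.sid = dp.sid                -- the user/login link is the SID, not the name
LEFT JOIN sys.database_role_members AS rm
       ON rm.member_principal_id = dp.principal_id
LEFT JOIN sys.database_principals AS r
       ON r.principal_id = rm.role_principal_id
WHERE dp.type IN ('S', 'U', 'G')         -- SQL user, Windows user, Windows group
  AND dp.principal_id > 4                -- skip dbo, guest, INFORMATION_SCHEMA, sys
ORDER BY login_status, dp.name, r.name;

-- Caveats when reading 'NO MATCHING LOGIN VISIBLE':
--  * sys.server_principals only returns logins the caller is allowed to see.
--    Run without sufficient server-level permission, real logins are hidden
--    and mapped users look unmapped (the situation in the question).
--  * A Windows user can exist in the database while connecting through a
--    Windows group login, so it has no login row of its own.
--  * Users created WITHOUT LOGIN and contained-database users never have one.
```

Run it as a principal that can see all server logins before treating any row as an orphaned user to remove.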