Groups

A group is a collection of database users. The users receive the database permissions granted to the group. Using groups simplifies management of a large number of database users who share common requirements, because groups provide a convenient way to grant and revoke permissions to more than one user at the same time. For a SQL Server installation that has a large number of users, consider using one or more groups.

It is a good idea to create groups before you create users, so that when users are added they can be assigned to the appropriate groups.

There is a built-in group, public, in every database. Each user automatically belongs to public and can be added to one other group. You cannot remove a user from the public group.

When you drop a group, all users in that group are automatically removed from the group. However, dropping a group does not drop its users. Users who were members of the dropped group are still valid users in the database and members of the public group.

If you are using integrated security and have created groups with Windows NT, those groups are not automatically tied to database groups. If you want all members of a Windows NT group to be assigned to a database group, you must first assign all users of the group explicit login IDs, add all those login IDs as users in the database, and then assign those users to the database group you create. (The SQL Security Manager utility can automatically create a SQL Server group for a selected Windows NT group.)

Note that a SQL Server database user can be a member of only the public group plus one other group. However, a Windows NT user under Windows NT security can be a member of many Windows NT groups.