The information in this article applies to:
SYMPTOMS
The extended stored procedure XP_LOGININFO reports the privilege
level and the permission path by which a Windows NT user account has
access to SQL Server. However, for a domain user (for example,
Domain\SQLUser) belonging to a global group (for example, SQLGlobal),
"xp_logininfo SQLUser" doesn't return any information if "SQLUser" is
granted user level privilege through this global group (xp_grantlogin
'Domain\SQLGlobal', 'user'). Similarly, if the global group is added as a
member of a local group (for example, SQLLocal) on the Windows NT server
where SQL Server resides and user level privilege is granted to "SQLUser"
through the local group "SQLLocal" (xp_grantlogin sqllocal, 'user'),
'xp_logininfo SQLUser' does not return any information either.
WORKAROUNDIn Windows NT User Manager for Domain, add domain users directly to a local group. You should now be able to grant this group user-level privilege through SQL Security Manager or xp_grantlogin. STATUSMicrosoft has confirmed this to be a problem in SQL Server
version 6.5. This problem has been corrected in U.S. Service Pack 5a
for Microsoft SQL Server version 6.5. For information about
downloading and installing the latest SQL Server Service Pack, see
http://support.microsoft.com/support/sql/.
MORE INFORMATIONAs a side effect of this problem, all SQL Server logins created for Windows NT users granted access through a global group (SQLGlobal above) will show as orphaned logins in Security Manager under Security/Search/Find orphan SQL Login IDs. Additional query words: prodsqlIntegrated Security
Keywords : kbnetwork SSrvGen SSrvLAN kbbug6.50 kbfix6.50.SP5 |
|
Last Reviewed: November 17, 1999 © 2000 Microsoft Corporation. All rights reserved. Terms of Use. |