SQLTeam.com | Weblogs | Forums

Windows Group Authentication


#1

I have an existing application using SQL authentication. I read that "Windows Group-based logins are preferred, but with the caveat that
fully-qualified naming is used when referencing database objects" ( https://www.mssqltips.com/sqlservertip/1831/using-windows-groups-for-sql-server-logins-as-a-best-practice/ ).

  1. Can I see an example of that ?

My first connection is like this
connection.ConnectionString = string.Format("Integrated Security=SSPI;Data Source={0};Initial Catalog={1}",
serverLocation, dBName);

Most of my application uses stored procedures, but there are some ad hoc queries. Do I add this user group (ADGM ) and permissions like select etc. For the stored procedures I can add the group and execute permissions.

Question. I have a number of tables and stored procedures. If the table is only accessed by the stored procedure does the table also need to have the group added as it seemingly must for the ad hoc query ?

Thanks !


#2

From my understanding, you don't. As long as you give the permission for the group, anyone in that group can execute those SP.
Hope this helps.