Updating SQL Server 2008 LOGIN SID
If the Active Directory SID doesn't match the SQL Server 2008 login SID (sys.server_principals), there doesn't appear to be a way to alter/update the value. ALTER USER will allow you to remap a user to a login; ALTER LOGIN will not allow you to remap a login to Active Directory. So the question…
Is there a way, documented or otherwise, to update the login SID to the AD SID besides dropping and recreating the login? Using OPENROWSET I have the AD SID value, but I can't find a way to update the login SID (mostly because I don't think it can be done).
By the way, I am aware that ad-hoc queries to system tables are not allowed (because I tried already).
Answer 1 is correct, but shady.
One upside of remapping the login SID to a different AD SID is to enable an administrator to implement role-based authentication. A database user defined as user = "financial_officer" (FO) in multiple databases and/or multiple servers is placed in multiple groups, and views that join lookup tables are created to provide appropriate row-level security. When the FO retires or quits, the SID of the "financial_officer" login is swapped out to provide the privileges of the old FO to the new FO.
It is my hope that user_created_server_level_roles (UCSLR/SLR) (something suggested to MS) will enable this ability, and they can, if a single login can be added to a UCSLR. A T-SQL function is needed to return the SLR the way "user" and "system_user" do.
If SQL Server provided a server_level_position_role, pure role-based authentication could be implemented in SQL Server. Under scenario login SID change required backfill position person.
This is possible by visiting each database and changing the FO SID to the SID (AD SID) of the person backfilling the FO position.