Please click to enter the picture description (up to 18 characters)
Most of SQL Server server authentication is set to mixed mode, that is, SQL Server and Windows authentication mode. More large-scale IT, due to security considerations, avoid the use of SQL Server certification as much as possible, and use Windows certification. Generally speaking, AD groups (Active Directory) are used to manage database security. For example, there are three DBAs in the database department. In this case, you can set up an AD SA (sysadmin) group, and then add the AD accounts of the three DBAs to this AD SA group. In the security settings of SQL Server, grant the sysadmin server role to this AD SA group. The DBA uses his own AD account to log in to the database. Examples are as follows:
Domain Name: Bootcamp
AD SA group: Bootcamp\SQLSA, where the group contains the following members (members).
DBA Jason’s AD account: Bootcamp\Jason
DBA Debbie’s AD account: Bootcamp\Debbie
DBA Mark’s AD account: Bootcamp\Mark
After the settings are correct, Jason can use his account (Bootcamp\Jason) to log in to the database in Windows authentication mode.
The advantage of this setting method is that if a new DBA joins, just add the AD account of the newly added member to the AD SA group. Simplify the procedures for many database security settings.
If you want to view the details, you can use the following SQL scripts to query the relationship between the login account and the group permission path.
