[dba-SQLServer] Inherited Permissions

Ahh, that makes sense.  Thanks.

David

At 4/11/2005, you wrote:
>because teammanager is not part of the staffgrp, teammanager does not have
>staffgrp permissions. with the current setup, anyone who belongs to staffgrp
>would also have permissions of the managergrp as well because that user
>would have the permission staffgrp (because that user is part of the
>staffgrp) and also have the permission of the managergrp as well (because
>the staffgrp is part of (that is, is a user of) the managergrp who has
>permissions "intended for managers only").  you probably want it the other
>way around.
>
>hth
>Billy
>
>
> >From: David Emerson <newsgrps at dalyn.co.nz>
> >Reply-To: dba-sqlserver at databaseadvisors.com
> >To: dba-SQLServer at databaseadvisors.com
> >Subject: [dba-SQLServer] Inherited Permissions
> >Date: Fri, 04 Nov 2005 17:13:32 +1300
> >
> >SQL2000, AXP ade
> >
> >I have two roles set up in SQL called ManagerGrp and StaffGrp each
> >with permissions for different sets of objects within a database.
> >I also have a user called TeamManager who needs access to both sets
> >of objects but has no permissions set directly.
> >
> >My initial thought was to make StaffGrp a user of ManagerGrp with the
> >idea that the permissions from StaffGrp would be inherited by
> >ManagerGrp.  Then by making TeamManager a user of ManagerGrp,
> >TeamManager would inherit the permisions of both ManagerGrp and
> >StaffGrp.  However the permissions of StaffGrp were not inherited by
> >TeamManager.  It was not until I made TeamManager a user of both
> >Roles that they received permissions from both roles.
> >
> >If permissions are not inherited by roles from other roles that are
> >set as users, then when would roles be made users of other roles?
> >
> >
> >Regards
> >
> >David Emerson
> >Dalyn Software Ltd
> >999 Moonshine Rd, RD 1
> >Judgeford, Porirua  6006
> >Phone    (04) 235-6782
> >Fax      (04) 235-6783
> >Mob      (027) 280-9348