How to retrieve SQL Server database roles for an Active Directory domain group
I have the following environment:
Microsoft SQL Server Enterprise 64bit version 11.0.5623.0 running on Microsoft Windows NT 6.1 (7601)
I have a domain called MyDomain, all end users are member of this domain, e.g. user Donald from the USA and user Fritz from Germany
For each country I have a dedicated domain group e.g. MyDomain_Sales_USA group contains the US user Donald, MyDomain_Sales_GER contains the German user Fritz
I have one SQL Server instance in the
MyDomainwith aSalesdatabase.The
Salesdatabase contains a table calledProductsthat is shown here:
End users access the
Productstable with their domain account (single sign on) to read data
The business case:
- USA users that are members of the domain group MyDomain_Sales_USA only see the products with
Country = USA, similarly German users only see the Germany products. - users are added and removed from the two domain groups frequently
- The SQL Server admins only want to configure the domain groups. No domain users are configured in the SQL Server.
My approach:
Using SQL Server Management Studio I added the domain groups MyDomain_Sales_USA and MyDomain_Sales_GER to the SQL Server Security\Logins node and mapped each group to the Sales database.
I created two database roles in the
Salesdatabase,SalesRole_USAandSalesRole_GER. Using the database role properties dialog I added theMyDomain_Sales_USAas a member to theSalesRole_USArole and theMyDomain_Sales_GERto theSalesRole_GERroleI created a view in products database with the following select statement
SELECT * FROM Products WHERE Country = GetCurrentUserCountry()
Here's my question:
How can I in the GetCurrentUserCountry() function to determine to which database role the connected user belongs?
In other words: if Donald executes the select statement above then the function must return 'USA', if Fritz executes the statement then the function must return 'GER'
My expectation is the following:
SQL Server grants access to Donald and Fritz because their domain groups are registered and mapped to the
SalesdatabaseSo it must be possible to retrieve the database roles for the connected user
In the GetCurrentUserCountry() function I used the system function IS_MEMBER('MyDomain_Sales_USA') and IS_MEMBER('MyDomain_Sales_GER'), this works fine but has a small disadvantage cause I have to update the function everytime a new country group is created.
- migrate data from MS SQL to PostgreSQL?
- Sqoop Import HBase - SQL Database
- How important is the order of columns in indexes?
- Connect to SQL Server running on Windows host from a WSL 2/Ubuntu sqlcmd
- SQL Server, to normalize this much or not?
- Strange behavior of symfony doctrine during phpunit test - field becomes null in database
- How do I make it to where my login will accept either an email or username in the username field
- Adding column to select statement in SQL causes timeout
- SQL Server: Clustered index on datetime, ASC or DESC
- SQL Pivot on Conditional Count
- SQL Server indexes - ascending or descending, what difference does it make?
- Query to concatenate row data in each group
- Combine 2 SQL Statements
- Converting SQL server timestamp to an epoch timestamp
- Change Date format from yyyy-mm-dd to mm/dd/yyyy Derived Column
- How do you send email with TSQL using a Agent Operator instead of an email address?
- Spark sending LIMIT to SQL Server on display function
- How can I manage Azure SQL user/login/credentials
- Can't add members to SSAS role through Visual Studio
- How to use Charindex for one or the other character
- SQL want to calculate time hours and mints of each emp
- Incorrect Syntax near ',' in SQL query execution in Spring JPA but executes successfully in database
- How to make multiple select into on the same table?
- Invoking a stored procedure with all combinations of values stored in multiple single-column tables
- Get Value From Json object contain table column using SQL Query
- Compute count(*) of unique occurrences into new column without group by in a single select query
- Is there any better option to apply pagination without applying OFFSET in SQL Server?
- How to get a list of tables with composite primary key in SQL Server?
- Calculating churn rate in SQL: how can I display both churned and not churned customer in % in a single query?
- How can you tell what Tables are taking up the most space in a SQL Server 2005 Database?