SQL database OS permissions

954
8
04-04-2021 03:43 AM
Labels (3)
MohammedElsayed
New Contributor III

We created an SQL database schema for a group of users to edit in, but the problem is when they login using the operating system they cannot see each others edits (ex. user X cannot see the feature classes that user Y created). 

 

The question is: Is there any way to let all the users see each others using the operating system login?

Tags (5)
0 Kudos
8 Replies
DavidPike
MVP Frequent Contributor

Are we talking edits of existing features within a feature class or new feature classes created in the schema?

Is any type of versioning employed?  If these a newly created feature classes, depending on your permissions design, the feature class would have to be added to a role - with the role being associated with a group of users.

0 Kudos
MohammedElsayed
New Contributor III

we are talking about new feature classes created in the schema

no there is no versioning employed

would you clarify the point of adding the FC to a role and what is the best permission design i should use?

0 Kudos
MohammedElsayed
New Contributor III
0 Kudos
George_Thompson
Esri Frequent Contributor

When they are creating the new feature classes, what is the naming convention being used?

Are the O/S users creating the feature classes or are they already created by a DB user?

--- George T.
0 Kudos
MohammedElsayed
New Contributor III

when creating the feature class by default it starts with the database name then the user name then the FC name (DBname\OSuserName\FCname)

the O/S users create the FC

0 Kudos
George_Thompson
Esri Frequent Contributor

Ok, so each of the users will have grant permissions to the other O/S users (can use AD group) in order to see the new feature classes. Just cause you allowed an AD group to create objects (feature classes) in their own schema that they will be able to see the other objects without permission.

I would recommend that you have a data owner (i.e. GIS / DATA) as a DB user, then grant permissions to the AD group for editing.

--- George T.
0 Kudos
MohammedElsayed
New Contributor III

thanks for your reply,

would you please explain how to create the group of users and how to add it to database?

the IT team created a group of users by when we tried to add it using CreateDatabaseUser tool it failed

0 Kudos
George_Thompson
Esri Frequent Contributor

I am not sure that you can add a group of AD users to the DB and have them all create tables under a "single" schema owner, unless they have DBO privileges in at the DB level.

This is why I would recommend that you have a DB user own all the object and perform the maintenance on them. Then you only have to give the AD group from IT the edit permissions.

When using O/S authentication it creates complications related to data owners.

--- George T.
0 Kudos