SQL Server, SDE and Active Directory

Discussion created by rwmarti on Oct 28, 2013
Latest reply on Oct 28, 2013 by rwmarti

We are in the process of setting up several SQL Server Geodatabases; and, are faced with IT restrictions at the SQL Server security level.  Namely, no database/mixed-mode authentication.  All connections must come via Active Directory.

The approach we would like to take, given these restrictions, is as follows:

For the SDE geodatabase owner:
1.  At the instance level, grant an AD group access to the instance.
2.  At the db level, map that AD group to the sde user/sde schema in the db/gdb.

Active Directory users could then be mapped to the AD group and administer the geodatabase.  If their role changed, they could be removed from the AD group.

Or, is it still an issue that ArcSDE still maintains a 1:1 relationship in object ownership, as mentioned in this thread?