Share via


Setting Up Accounts, Logins, Roles, and Users

This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.

Workflow Designer for SQL Server integrates the security environment in Microsoft® Windows® 2000 and in Microsoft® SQL Server™. The security environment is stored, managed, and enforced through a hierarchical system of users. To simplify the administration of many users, Windows and SQL Server use groups and roles.

A group is an administrative unit within the Active Directory Services of Windows that contains Windows users or other groups. A role is an administrative unit within SQL Server that contains SQL Server logins, Windows domain accounts, groups, or other roles.

Arranging users into groupsand roles makes it easier to grant or deny permissions to many users at one time. The security settings defined for a group are applied to all members of that group. When a group is a member of a higher-level group, all members of the group inherit the security settings of the higher-level group, in addition to the security settings defined for the groupitself.

With this security strategy, rather than assigning permissions to each user for each object in your workflow application, you assign permissions to a few roles in the projects. These roles are associated with SQL Server logins and Windows accounts. Then, you can add users and groups to the appropriate roles. Users automatically inherit the permissions associated with any roles to which they belong.

**Note   **To simplify user administration, it is recommended you create an Active Directory group for each of your project's roles and add that group to the project, rather than adding each user individually. Then, you can add or remove users from workflow applications by managing the membership of the groups. You also can use the same groups to set permissions on other network resources, such as file shares and printers.

Security

Aa140956.desecuritymodelntsqlgrizzly(en-us,office.10).gif

Employees often must belong to security groups that do not fall within the strict organizational plan of the company. For example, administrative staff exists in every branch of the company and requires security permissions regardless of their organizational branch. To support this broader model, the security system in Windows and SQL Server makes it possible for groups to be defined across a hierarchy as well. For example, an administrative staff member can belong to an Administrative group, a department group, and a corporate group.

In This Section