Chapter 1: System Procedures

sp_grantlogin

Description

Windows NT only Assigns Adaptive Server roles or default permissions to Windows NT users and groups when Integrated Security mode or Mixed mode (with Named Pipes) is active.

Syntax

sp_grantlogin {login_name | group_name} 
	["role_list" | default]

Parameters

login_name: is the network login name of the Windows NT user.

group_name: is the Windows NT group name.

role_list: is a list of the Adaptive Server roles granted. The role list can include one or more of the following role names: sa_role, sso_role, oper_role. If you specify more than one role, separate the role names with spaces, not commas.

default: specifies that the login_name or group_name receive default permissions assigned with the grant statement or sp_role procedure.

Examples

Example 1

Assigns the Adaptive Server oper_role to the Windows NT user “jeanluc”:

sp_grantlogin jeanluc, oper_role

Example 2

Assigns the default value to the Windows NT user “valle”. User “valle” receives any permissions that were assigned to her via the grant command or sp_role procedure:

sp_grantlogin valle

Example 3

Assigns the Adaptive Server sa_role and sso_role to all members of the Windows NT administrators group:

sp_grantlogin Administrators, "sa_role sso_role"

Usage

You must create the Windows NT login name or group before assigning roles with sp_grantlogin. See your Windows NT documentation for details.
sp_grantlogin is active only when Adaptive Server is running in Integrated Security mode or Mixed mode when the connection is Named Pipes. If Adaptive Server is running under Standard mode or Mixed mode with a connection other than Named Pipes, use grant and sp_role instead.
If you do not specify a role_list or default, the procedure automatically assigns the default value.
The default value does not indicate an Adaptive Server role. It specifies that the user or group should receive any permissions that were assigned to it via the grant command or sp_role procedure.
Using sp_grantlogin with an existing login_name or group_name overwrites the user’s or group’s existing roles.

Permissions

Only a System Administrator can execute sp_grantlogin.

Auditing

Values in event and extrainfo columns from the sysaudits table are:

Event	Audit option	Command or access audited	Information in extrainfo
38	exec_procedure	Execution of a procedure	Roles – Current active roles Keywords or options – NULL Previous value – NULL Current value – NULL Other information – All input parameters Proxy information – Original login name, if set proxy in effect