Does a login need to be created on MSSQL Always On replica before being granted roles on the primary? [duplicate]
https://dba.stackexchange.com/questions/259852
-
24-02-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianDomanda
Consider a SQL Server Login MyLogin that exists on PrimaryServer but not SecondaryServer in an Always-On Availability group. MyLogin has a number of roles already assigned.
If the login MyLogin is later created on SecondaryServer using the hashed password and SID from PrimaryServer, will it automatically have the same roles on the database mirrored on SecondaryServer?
Does it matter that the permissions were granted on the database on the PrimaryServer before the login was created on SecondaryServer?
Soluzione
It doesn't matter where the login is created first. The only important thing is that the SIDs match. All permissions, role memberships, etc. that are assigned to the associated users on databases in the availability group on the primary will be effective on the secondaries for the login with the same SID.
