sp_grantlogin

(Windows only) Assigns SAP ASE roles or default permissions to Windows users and groups when Integrated Security mode or Mixed mode (with Named Pipes) is active.

Syntax

sp_grantlogin {login_name | group_name} 
	["role_list" | default]

Parameters

login_name – is the network login name of the Windows user.
group_name – is the Windows group name.
role_list – is a list of the SAP ASE roles granted. The role list can include one or more of the following role names: sa_role, sso_role, oper_role. If you specify more than one role, separate the role names with spaces, not commas.
default – specifies that the login_name or group_name receive default permissions assigned with the grant statement.

Examples

Example 1 – Assigns the SAP ASE oper_role to the Windows user “jeanluc”:
```
sp_grantlogin jeanluc, oper_role
```
Example 2 – Assigns the default value to the Windows user “valle”. User “valle” receives any permissions that were assigned to her via the grant command:
```
sp_grantlogin valle
```
Example 3 – Assigns the SAP ASE sa_role and sso_role to all members of the Windows administrators group:
```
sp_grantlogin Administrators, "sa_role sso_role"
```

Usage

There are additional considerations when using sp_grantlogin:

You must create the Windows login name or group before assigning roles with sp_grantlogin. See your Windows documentation for details.
sp_grantlogin is active only when the SAP ASE server is running in Integrated Security mode or Mixed mode when the connection is Named Pipes. If the SAP ASE server is running under Standard mode or Mixed mode with a connection other than Named Pipes, use grant instead.
If you do not specify a role_list or default, the procedure automatically assigns the default value.
The default value does not indicate an SAP ASE role. It specifies that the user or group should receive any permissions that were assigned to it via the grant command.
Using sp_grantlogin with an existing login_name or group_name overwrites the user’s or group’s existing roles.

Permissions

The permission checks for sp_grantlogin differ based on your granular permissions settings.

Setting	Description
Enabled	With granular permissions enabled, you must be a user with`manage roles` privilege.
Disabled	With granular permissions disabled, you must be a user with sa_role.

Auditing

Values in event and extrainfo columns from the sysaudits table are:

Information	Values
Event	38
Audit option	exec_procedure
Command or access audited	Execution of a procedure
Information in `extrainfo`	Roles – Current active roles Keywords or options – NULL Previous value – NULL Current value – NULL Other information – All input parameters Proxy information – Original login name, if set proxy in effect