When operating under Integrated or Mixed login mode, SAP ASE assigns permissions to trusted user connections by checking the user’s network or Windows group name. This check determines whether the Security Administrator, using sp_grantlogin, has assigned an SAP ASE role, or the default value, to that name, and SAP ASE acts accordingly.
When one or more SAP ASE roles have been assigned to the user’s network name or to the user’s Windows group, the user receives those roles and permissions that were assigned by the Security Administrator through the grant statement.
When only the default value has been assigned to the user’s network name or Windows group, the user receives only the permissions and roles that were assigned by the Security Administrator through the grant statement.
The most important point to remember is that Windows users or their associated Windows groups must have permissions that were assigned with sp_grantlogin.
For more information about sp_grantlogin, see the Security Administration Guide.