Windows groups in geodatabases in SQL Server

A Windows group is a collection of logins who inherit their permission from membership in the group. Built-in groups exist locally, such as Administrators or Power Users, and user-defined groups can be created at the local and domain levels as well.

Granting a Windows group access to SQL Server rather than individual Windows logins can simplify security. Rather than adding the logins to SQL Server individually, the group is added. All members of the group can log in to SQL Server. Their permission on the server and in individual databases is inherited from their group membership.


Each user in the group who creates data in the geodatabase must have his or her own schema in which to store the data. The schema of the user must have the same name as the login of the individual user. You cannot create one schema to store the data created by all the group members.

Use of Windows groups to connect to, read, and edit data in an ArcSDE geodatabase is supported in ArcGIS 9 and later releases. Use of Windows groups that contain members who can own data is supported in ArcGIS 9.2 and later releases.