如果在这种情况下使用Windows身份验证，则可以创建角色并将不同的Windows用户和NT组添加到角色，并授予对Windows的访问权限.角色来访问数据库对象.***做法是，不要直接向db对象上的用户授予访问权限，而应仅通过角色完成此操作.

If you are using windows authentication in that case you can create roles and add different windows user and NT groups to the roles and grant access to the roles to access the db objects. As a best practice, don''t grant direct access to the users on db objects, it should be done through roles only.