Sunday, February 19, 2012

Giving only READ permissions to a DB

Hi
I'm having a user that needs to get only READ permissions to one of our
databases. I've created a login for him, and granted him access to the
database. I've then given him db_reader access and deny_db_reader.
Will this be sufficient or is there any additional rights I have to set or
deny? I've verified that he can only read from the database and can't e.g.
perform an update statement, but id there something I haven't thought about?
Regards
Steen> I'm having a user that needs to get only READ permissions to one of our
> databases. I've created a login for him, and granted him access to the
> database. I've then given him db_reader access and deny_db_reader.
I guess you mean db_denydatawriter.

> Will this be sufficient or is there any additional rights I have to set or
> deny? I've verified that he can only read from the database and can't e.g.
> perform an update statement, but id there something I haven't thought
about?
By default, user has no permissions in a database, so just adding a user to
the db_datareader fixe db role should be enough. Just be careful that the
user is not a member of any other role that has additional permissions and
that you don't give any permissions to the public fixed role (every user is
automatically a member of the public role).
Dejan Sarka, SQL Server MVP
Associate Mentor
Solid Quality Learning
More than just Training
www.SolidQualityLearning.com|||Why are you negating db_reader access by giving him deny_db_reader?
"Dejan Sarka" wrote:

> I guess you mean db_denydatawriter.
>
> about?
> By default, user has no permissions in a database, so just adding a user t
o
> the db_datareader fixe db role should be enough. Just be careful that the
> user is not a member of any other role that has additional permissions and
> that you don't give any permissions to the public fixed role (every user i
s
> automatically a member of the public role).
> --
> Dejan Sarka, SQL Server MVP
> Associate Mentor
> Solid Quality Learning
> More than just Training
> www.SolidQualityLearning.com
>
>
Posted by surpa at 5:14 AM
Labels: , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)