Hi
I'm having a user that needs to get only READ permissions to one of our
databases. I've created a login for him, and granted him access to the
database. I've then given him db_reader access and deny_db_reader.
Will this be sufficient or is there any additional rights I have to set or
deny? I've verified that he can only read from the database and can't e.g.
perform an update statement, but id there something I haven't thought about?
Regards
Steen> I'm having a user that needs to get only READ permissions to one of our
> databases. I've created a login for him, and granted him access to the
> database. I've then given him db_reader access and deny_db_reader.
I guess you mean db_denydatawriter.
> Will this be sufficient or is there any additional rights I have to set or
> deny? I've verified that he can only read from the database and can't e.g.
> perform an update statement, but id there something I haven't thought
about?
By default, user has no permissions in a database, so just adding a user to
the db_datareader fixe db role should be enough. Just be careful that the
user is not a member of any other role that has additional permissions and
that you don't give any permissions to the public fixed role (every user is
automatically a member of the public role).
--
Dejan Sarka, SQL Server MVP
Associate Mentor
Solid Quality Learning
More than just Training
www.SolidQualityLearning.com
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment