Friday, March 23, 2012

Grant a Login Read Only for a while, restore original permissions afterwards

Hi,
I need to disable a certain Login to a Database/SQL Server temporality or
give it only read-access (the better solution), and after a while restore
its original permissions. Is there a way to do this? to kind of disable a
prt of the permisions, or take a login 'offline'?
Thanks a lot in advance,
Pieter"DraguVaso" <pietercoucke@.hotmail.com> wrote in message
news:er3Ng6tWFHA.3828@.TK2MSFTNGP10.phx.gbl...
> Hi,
> I need to disable a certain Login to a Database/SQL Server temporality or
> give it only read-access (the better solution), and after a while restore
> its original permissions. Is there a way to do this? to kind of disable a
> prt of the permisions, or take a login 'offline'?
> Thanks a lot in advance,
> Pieter
>
This depends on how you set up your permissions in the various databases and
at the login level.
One method is to assign the login (in each database) to the
db_denydatawriter role. This will effectively make them read only in that
database.
USE <databasename>
sp_addrolemember 'db_denydatawriter', 'user_name_in_database'
GO
At the login level, you could revoke their server access (ie: no access to
SQL Server at all).
Rick Sawtell
MCT, MCSD, MCDBA|||Thanks, I think it will be perfect!
"Rick Sawtell" <r_sawtell@.hotmail.com> wrote in message
news:uY0hpeuWFHA.3320@.TK2MSFTNGP12.phx.gbl...
> "DraguVaso" <pietercoucke@.hotmail.com> wrote in message
> news:er3Ng6tWFHA.3828@.TK2MSFTNGP10.phx.gbl...
> > Hi,
> >
> > I need to disable a certain Login to a Database/SQL Server temporality
or
> > give it only read-access (the better solution), and after a while
restore
> > its original permissions. Is there a way to do this? to kind of disable
a
> > prt of the permisions, or take a login 'offline'?
> >
> > Thanks a lot in advance,
> >
> > Pieter
> >
> >
> This depends on how you set up your permissions in the various databases
and
> at the login level.
> One method is to assign the login (in each database) to the
> db_denydatawriter role. This will effectively make them read only in that
> database.
> USE <databasename>
> sp_addrolemember 'db_denydatawriter', 'user_name_in_database'
> GO
> At the login level, you could revoke their server access (ie: no access to
> SQL Server at all).
>
> Rick Sawtell
> MCT, MCSD, MCDBA
>
>
>sql
Posted by surpa at 12:51 AM
Labels: , , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)