October 26, 2009 at 4:03 am
Hi Guys,
I am sitting with a situation. How do you limit a user on a database to only select/update/insert etc from a few tables within on the SQL instance. I have 2 schemas on my SQL instance with tables belonging to them and would like to have db_owner rights only on certain tables. I have db_owner rights on both logins but would not want the logins to see other see tables on select from it. Can anyone perhaps help.
Regards
IC
October 26, 2009 at 9:46 am
Db_woner is the name of a role that anyone it can do anything inside the database. If you want your users to have limited permissions (as they should), then first of all you need to take them out from db_owner role. You can assign permissions on table level and on schema level. You can do it with GRANT statement. BOL has lots of articles about GRANT statement on object or schema level. I recommend that you’ll have a look at it.
Adi
--------------------------------------------------------------
To know how to ask questions and increase the chances of getting asnwers:
http://www.sqlservercentral.com/articles/Best+Practices/61537/
For better answers on performance questions, click on the following...
http://www.sqlservercentral.com/articles/SQLServerCentral/66909/
October 26, 2009 at 10:14 am
here's an example I hope helps you visualize it:
you want to try to give users only the rights they need.
use [SandBox]
--grant select/insert/update, but Not Delete to a specific table
CREATE ROLE [VeryLimitedRights]
GRANT INSERT ON [dbo].[WHATEVER] TO [VeryLimitedRights]
GRANT SELECT ON [dbo].[WHATEVER] TO [VeryLimitedRights]
GRANT UPDATE ON [dbo].[WHATEVER] TO [VeryLimitedRights]
--grant readonly/select only to a different table
GRANT SELECT ON [dbo].[SomeTable] TO [VeryLimitedRights]
GO
--give readonly/select for every table to this group--do they really need this?
ALTER AUTHORIZATION ON SCHEMA::[db_datareader] TO [VeryLimitedRights]
--add two specific users to this role; this assumes they are NOT in other roles that give them too much power!
EXEC sp_addrolemember N'VeryLimitedRights', N'bob'
EXEC sp_addrolemember N'VeryLimitedRights', N'jeff'
Lowell
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply