October 12, 2009 at 7:46 am
Dear All,
Am trying to find the minimum Server and database role i have to use to assign permissions for a windows group and logins in the group to Read Only and Export Data from the database. We are using Windows 2008 Standard Edition SP1.
Thanks,
Jedd.
October 12, 2009 at 9:12 am
Well, the login will need logon rights and then the logon will need to be mapped to a user in the desired database(s) and they will need select rights on any tables/views that the data will need to be exported from.
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
October 12, 2009 at 11:58 am
Thanks, Jack!
I followed the recommendation and did the below steps in my test environment. Wanted to make sure if these steps assure me that I have given the minumum permission to only read and export data from the database for the new group.
1. I have created the group in AD and made it member of DOMAIN USERS.
2. Added the group to SQL Server with PUBLIC role.
3 Added the group to the Database
- No default schema assigned
- Doesn't own a schema
- Has a DATA READER database Role.
Thanks,
Jedd.
October 12, 2009 at 12:04 pm
Glad I could help. I' recommend against using the datareader role. That means that hey can query any table withing the database, even ones that may be created later. I'd recommend creating a custom role and granting select permissions only on those tables needed.
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply