December 11, 2009 at 5:54 am
Hi...
I've created a Database EventLog for tracking the changes made (on SPS & Tables) for 2 different databases. In the Eventlog a table Changelog has been created to store the changes made. The entries are inserted through a DDL trigger for the changes made in the 2 databases.
Now I want to create a role with the following limited access:
1. User should be able to insert records
2. Select, update & Alter table rights not required. User should not delete/modify the trigger.
3. User should not alter / drop any sp & function.
After the role is created, I need to create a user & map it to the role.
Kindly let me know how to do this.
Rgds
Mohan Kumar
December 11, 2009 at 6:24 am
You can give granular permissions for each object. Give the permission for each objects to three different groups according to your business needs or security model. Then add the users to the group according to your model.
-Roy
December 11, 2009 at 7:38 am
Roy
Thanks for your reply. Can you please give me an example?
Rgds
Mohan Kumar VS
December 11, 2009 at 7:46 am
You could actually get more details regarding this in BOL. Just search for GRANT.
example
GRANT EXECUTE ON [dbo].[SPNAME] TO [ExecuteRole]
GRANT SELECT, UPDATE on [DBO].[TableName] TO [SELECTROLE]
GRANT CREATE TABLE TO [ALTERROLE]
The Roles has to be created first though
-Roy
December 13, 2009 at 9:58 pm
Thank you Roy.
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply