April 16, 2012 at 12:12 pm
Hello All,
I have created 2 active directory groups.One groups has full permissions with sysadmin role and the other group should have read only permission and they should not have any permissions to create or modify the database objects.So for the second group I ran this script.
CREATE ROLE [ReallyReadOnly]
EXEC sp_addrolemember N'db_datareader', N'ReallyReadOnly'
--explicitly DENY access to writing
EXEC sp_addrolemember N'DB_DenyDataWriter', N'ReallyReadOnly'
--now since we know the AD domain group as a LOGIN exists, added a USER, tied to that login, to our database
--make a user in the db for the matching login
CREATE USER [MyDomain\ThatBizGroup] FOR LOGIN [MyDomain\ThatBizGroup]
--finally, add user to the role created
EXEC sp_addrolemember N'ReallyReadOnly', N'MyDomain\ThatBizGroup'
I followed this. But they still can create a table and insert the records.Please correct me if I am doing anything wrong.
Thanks for any help.
April 16, 2012 at 2:54 pm
Does anyone has suggestions?
April 16, 2012 at 2:57 pm
You'd probably get more responses if you posted in the correct forum. There is a forum specifically for SQL Server 2008 Administration.
Drew
J. Drew Allen
Business Intelligence Analyst
Philadelphia, PA
April 16, 2012 at 3:00 pm
Thanks so much Drew...I posted there.
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply