Permission to Create, Modify & Delete Views only.

Question

Permission to Create, Modify & Delete Views only.

kkanaya

SSCommitted

Points: 1615
More actions
June 27, 2012 at 10:08 am

#258596

Hello,
An end user has requested for Create, Modify and Delete "View" permissions on a SQL 2008R2 Server database. I do not want to give the user any more permissions than what he has asked for therefore could you please help and tell me how this could be achieved?
Any help will be highly appreciated.
Thanks
Kailash.

Viewing 7 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic. Login to reply

Lowell SSC Guru Points: 323518 More actions · Answer 1

As far As i know, SQL Server doesn't have the specific granularity to restrict creation to only views;

giving someone ALTER permissions(like via GRANT ALTER ON schema or the role ddl_admin) lets them build procs ,functions and tables,as well as views.

In a very simlar thread, I offered a suggestion to do that witha DDL trigger, where the DDL trigger only allows CREATE/ALTER/DROP of views, and all other DDL get rolled back in the DDL trigger.

take a look at this thread and see if that can help you, where we create the role "ViewMaker",and restrict it with the DDL trigger:

http://www.sqlservercentral.com/Forums/Topic1241211-391-1.aspx

Lowell

--help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

Steve Jones - SSC Editor SSC Guru Points: 736160 More actions · Answer 2

AFAIK, Lowell is correct. You can't restrict this to just views.

SQLRNNR SSC Guru Points: 281334 More actions · Answer 3

Create view requires Alter permission on the schema. With alter on the schema, the user would then be able to alter other objects within that schema.

Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events

kkanaya SSCommitted Points: 1615 More actions · Answer 4

Thank you all (Lowell, Steve Jones & Jason) for all your help and advice. I will work with Lowell's DDLTrigger example and customise it to suit my needs.

Lowell, Thank you to you for writting the DDLTrigger example and taking time to explain it to us.

kkanaya SSCommitted Points: 1615 More actions · Answer 5

Just a thought, Can I not do the following?

1) Provide only CREATE VIEW permissions on the DATABASE (Database Permissions)

2) Create a new Schema and give Alter permissions to this new Schema

Would the above not work, As the user will only be able to create views and within the new schema?

SQLRNNR SSC Guru Points: 281334 More actions · Answer 6

Yes, you can create a new schema and grant the user the permissions there. That would limit what the user can do to just that schema.

Create new schema first. Grant create view within that schema.

Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events