August 19, 2003 at 1:26 pm
I think there is a better anser to this question which would be to: REVOKE SELECT ON SALARIES TO ALLDEPTS instead of denying the SELECT permission on SALARIES table. This way PAYROLL still inherits all the security set for ALLDEPTS yet ALLDEPTS still can not SELECT on SALARIES unless the user is in another group or has individual permissions to the SALARIES table.
August 19, 2003 at 2:02 pm
I would generally agree. Use of DENY should be a last resort.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
K. Brian Kelley
@kbriankelley
August 19, 2003 at 8:20 pm
Hi there
This is a very poor question actually and doesnt really
make sence. Sure, you can remove the role from all depts
but in reality this could be opening a major can of worms in
terms of security. The rest of the options are not too much cop
either.
DAVNovak is right on the money and would have been a better answer
to throw in the mix.
Cheers
Ck
Chris Kempster
Author of "SQL Server 2k for the Oracle DBA"
Chris Kempster
www.chriskempster.com
Author of "SQL Server Backup, Recovery & Troubleshooting"
Author of "SQL Server 2k for the Oracle DBA"
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply