sql server managment studio permission

  • Hello,

    I've started in a new job working with data and I'm about to request access to a database on a central server via SQL MS.

    I suspect that our IT will not want to give me this to avoid me updating/modifying any of the tables.

    Is it possible for them to grant me access to query the tables and create views without the permissions to update?

    I want to be forearmed before they fob me off!

    Thanks

    Andy

  • andrew.robinson 9160 - Wednesday, January 2, 2019 5:03 AM

    Hello,

    I've started in a new job working with data and I'm about to request access to a database on a central server via SQL MS.

    I suspect that our IT will not want to give me this to avoid me updating/modifying any of the tables.

    Is it possible for them to grant me access to query the tables and create views without the permissions to update?

    I want to be forearmed before they fob me off!

    Thanks

    Andy

    Permissions on databases, and servers can be very granular. The type of action and the objects those commands can interact with can be both given GRANT and DENY permissions. So for example, yes you can have a user can only read data without being able to UPDATE, DELETE, etc. The DBAs should know what they're doing anyway and can configure you with the correct permissions for what you need; that is what they're there for after all.

    Thom~

    Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
    Larnu.uk

  • Thanks Thom.

    That it really helpful.

  • Creating a view requires DDL admin rights, which are usually a higher level than read or write.  I don't know if the combination of ddladmin and denydatawriter would even work.

    You might expect some negotiation over whether your views get created or not, and whether you will have rights to do it yourself.

  • The title of this, "SQL Management Studio permissions", has nothing to do with permissions to be able to create a view or query the database.
    Those permissions are part of the database engine, and in the database itself. 

    I also suspect that you may be making an incorrect assumption, or maybe violating some rules.

    I find it hard to believe that there are no processes in place to document, maintain source control over code, and QA anything you may be doing. To blindly grant permissions to create views on a production server would be a big mistake.  If there are no processes in place, than I strongly suggest you create some.  

    When you say you will be "working with data", can you elaborate?  Is this a reporting position?  Is it an analyst position?

    Michael L John
    If you assassinate a DBA, would you pull a trigger?
    To properly post on a forum:
    http://www.sqlservercentral.com/articles/61537/

  • Thanks for the replies folks.

    For 15 years I worked on querying, writing views and reporting from various servers. This is without any knowledge of administrating the database.   

    I now have a new role in a completely different industry (NHS) - the role is completely new and ambiguous to some extent and I will be shaping it myself. The people who put the role together are not data people. The NHS trust has it's own data analysts but the area I will be working in is very much set alone with specific software and I need to find a way of extracting data from the systems without relying on the front end report facility, which is limited.

    Therefore, I will be asking our IT dept for access to the databases to extract data but I'm aware that they will be sceptical and therefore need to be able to offer them some idea of how they can be safe to allow me access. Hence, the original question.

    Hope this makes sense.

    Thanks
    Andy
         

  • I'd suggest you ask the DBA to set up a new database on the server (granting db_owner permissions to the Active Directory group you are using to log on), plus data reader access to the appropriate live database. You can then write all the views/procedures/functions you need in "your" database without needing any DDL permissions in the live database - it will also keep the live database a lot tidier

  • Thanks for the reply Ian,

    I'll try that.

Viewing 8 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic. Login to reply