Securables question

  • We have a database accessible from many clients through a web application.

    We're modifying the SQL account securables to prevent the users from doing things we'd rather they not do. We quickly learned that we needed to be very explicit - either grant or deny access to a permission for a table; leaving the deny unchecked is tantamount to granting permission. We started checking Deny for most permissions. After doing this the clients couldn't perform some tasks like Select that we had granted permission to perform. When we granted Control to the permission for the table a Select on that table worked. What is this permission & what does it do?

    Thanks in advance,

    BigSam

  • CONTROL allows you to change things: http://msdn.microsoft.com/en-us/library/ms187940.aspx. CONTROL almost makes them like an owner.

    No one gets permission by default. You do not need to check DENY, unless the user is granted rights by some other method (usually a role) and you need to prevent that.

    You want to explicitly grant SELECT, INSERT, UPDATE, DELETE, EXECUTE permissions to most roles. I say roles because you do not want to grant these to users. You want to grant rights to a role and then add users to the role.
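
The role-based setup described in the reply above, as an added T-SQL example that is not part of the original posts. The names `WebAppClients`, `WebAppUser`, `dbo.Orders` and `dbo.usp_GetOrders` are assumptions chosen for illustration.

```sql
-- Assumed names (not from the thread): role WebAppClients, user WebAppUser,
-- table dbo.Orders, stored procedure dbo.usp_GetOrders.

-- 1. Create a role and grant it only the permissions the application needs.
--    Nothing is granted by default, so anything not listed here stays unavailable.
CREATE ROLE WebAppClients;
GRANT SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.Orders TO WebAppClients;
GRANT EXECUTE ON OBJECT::dbo.usp_GetOrders TO WebAppClients;

-- 2. Add the user to the role instead of granting rights to the user directly.
--    (ALTER ROLE ... ADD MEMBER needs SQL Server 2012 or later; on older
--    versions use: EXEC sp_addrolemember 'WebAppClients', 'WebAppUser';)
ALTER ROLE WebAppClients ADD MEMBER WebAppUser;

-- 3. List the explicit DENY entries on objects, so the ones that were
--    checked "just in case" can be found and reviewed.
SELECT pr.name                         AS grantee,
       pe.permission_name,
       OBJECT_SCHEMA_NAME(pe.major_id) AS schema_name,
       OBJECT_NAME(pe.major_id)        AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.state = 'D'   -- D = DENY
  AND pe.class = 1;    -- 1 = object or column

-- 4. REVOKE removes an explicit GRANT or DENY entry for the principal.
--    Keep a DENY only where a role grant has to be overridden for that user.
REVOKE SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.Orders FROM WebAppUser;

-- 5. Check the effective permissions on the table while impersonating the user.
EXECUTE AS USER = 'WebAppUser';
SELECT permission_name
FROM sys.fn_my_permissions('dbo.Orders', 'OBJECT');
REVERT;
```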

  • Ok. Thanks, I'll dig into that a little deeper, taking the role route.
