Post reply

db_denydatawriter and db_datareader roles

  • December 2, 2017 at 2:01 pm

    #409824

    We are ending a server in 2008 R2, but the users still need to access patient records. Simply setting the database to read only prevents their login entirely.

    Is there a way to globally set the db_denydatawriter role and the db_datareader role without touch 1000 users individually?

    Thanks!

    Tom

  • December 3, 2017 at 6:01 am

    #1970427

    can't you add a windows group a user,  grant it db_datareader then set the database to read only?
    then you can add the 1000 users to the user group, and they properly inherit the permissions to at least view the data.
    with the additional benefit that even someone who has more rights cannot modify the data, since it's read only.

    Lowell

    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

  • December 4, 2017 at 9:35 am

    #1970555

    You could try adding db_denydatawriter to the "guest" user.  Not sure it would work, but it should be worth a try.

    SQL DBA,SQL Server MVP(07, 08, 09) "It's a dog-eat-dog world, and I'm wearing Milk-Bone underwear." "Norm", on "Cheers". Also from "Cheers", from "Carla": "You need to know 3 things about Tortelli men: Tortelli men draw women like flies; Tortelli men treat women like flies; Tortelli men's brains are in their flies".

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply