April 28, 2003 at 2:38 pm
Are SQL rights additive? Or does it take the most restrictive of the set of rights?
My problem:
I have a group of users that I have granted dbdatareader access to. However, there are four people who need to be able to update, insert,and delete from a couple of the tables in the database. So, I created a new group and granted appropriate rights. These users are now in both groups and do not have access to update/insert/delete.
For user maintenance I would like to keep these four users in both groups. Any ideas how I can accomplish my goal?
TIA,
Michelle
Michelle
April 28, 2003 at 2:53 pm
I fixed it, but still want to know how the rights are handled. I would like to know if there is a better way.
In this instance I forgot to define a primary key, so Access wouldn't allow the users to update.
Thanks for your time,
Michelle
Michelle
April 28, 2003 at 3:02 pm
Rights are additive with the exception of if there is a DENY in there. DENY is a trump. For instance, if you have a user who is a member of both db_datareader and db_datawriter roles, the user can read or modify data in any table in the database.
I believe there's a KB article indicating that users have to come out of the database (either logging off SQL Server or switching databases), but I can't find it off-hand. I'll keep looking for it. Were the users logged on and in the system at the time?
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley
April 29, 2003 at 3:55 pm
Thanks Brian -
In this particular situation, it didn't matter if they were logged in since it was a SQL/Access problem.
Thanks for the information though on multiple sessions. I looked around and found this article 207718 that I believe describes the bug to which you are referring.
Thanks again,
Michelle
Michelle
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply