Post reply

Need to REVOKE SELECT on all tables for all users in a database

  • November 26, 2014 at 8:24 am

    #292963

    I am trying to clean up security. When I check tables in a specific database I see a list of users with select access. There are 1000+ tables in the database. I know I can do

    'revoke select on table_name to user_name' , but I was hoping there was another way around this.

    Any ideas?

  • November 26, 2014 at 8:28 am

    #1761112

    REVOKE would remove a GRANT that was already created;

    you can get that list from sys.database_permissions, and script the DENY's from there.

    but what about users who were simpyl added to the db_datareader role? maybe you want to remove their memebership, or

    maybe you want to DENY SELECt on all objects, regardless ?

    Lowell

    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

  • November 26, 2014 at 8:35 am

    #1761116

    My understanding of SQL security is somewhat limited, but I am trying to get a handle on it.

    Yes, I think I would probably want to deny select on all objects. I think my next step will be to create a role where I will grant select access to this role on specific tables. Then grant the role to specific users. Make sense?

  • November 27, 2014 at 1:33 am

    This was removed by the editor as SPAM

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply