QOD 8/19/2003

  • I think there is a better anser to this question which would be to: REVOKE SELECT ON SALARIES TO ALLDEPTS instead of denying the SELECT permission on SALARIES table. This way PAYROLL still inherits all the security set for ALLDEPTS yet ALLDEPTS still can not SELECT on SALARIES unless the user is in another group or has individual permissions to the SALARIES table.

  • I would generally agree. Use of DENY should be a last resort.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/

    K. Brian Kelley
    @kbriankelley

  • Hi there

    This is a very poor question actually and doesnt really

    make sence. Sure, you can remove the role from all depts

    but in reality this could be opening a major can of worms in

    terms of security. The rest of the options are not too much cop

    either.

    DAVNovak is right on the money and would have been a better answer

    to throw in the mix.

    Cheers

    Ck

    Chris Kempster

    http://www.chriskempster.com

    Author of "SQL Server 2k for the Oracle DBA"


    Chris Kempster
    www.chriskempster.com
    Author of "SQL Server Backup, Recovery & Troubleshooting"
    Author of "SQL Server 2k for the Oracle DBA"

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply