March 24, 2010 at 3:02 pm
We have an AD group that is a login on the SQL Server. There is a view in database A over a table in database B. If we give the AD group login datareader on database A (where the view is) should they be able to view the data? If not what is the minimum rights required to do this?
March 24, 2010 at 5:58 pm
The group will need to have select permission for the tables on the database where the tables reside.
It would be best to assign these permissions to a role and then just add that group to the database role.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
March 25, 2010 at 5:10 am
thanks for the reply. With that, is there any way to prevent an advanced user from making a direct connection to the table? For example, through Excel?
March 25, 2010 at 10:33 am
Yes there is.
Since it is two different databases, I would recommend using a certificate and a signed stored procedure. The certificate would be associated to a user in the table database (which would not be the enduser account). Put that user (for the certificate) in the role that has select permission on the table.
An end-user would not be able to connect directly to the table in this scenario.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
March 25, 2010 at 4:11 pm
thanks for the info, we'll give it a try.
March 25, 2010 at 4:23 pm
You're welcome.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply