June 29, 2007 at 5:03 am
I am having a problem with permission's. I have a SQL table that I want only one group of people to have full control over and the rest of the company should have read only rights. When I deny write privileges to the group domain user and give full control privileges to the QA group it appears that the deny overrides the permission's given. Can somebody help me out with this. I need our quality group to have full control , read, write, select and insert... While the rest of the company should only have read access. I'm rather new to permission's and can't seem to find the answer I need. ANy direction would be appreciated
Regards Kurt
Kurt Kracaw
June 29, 2007 at 6:59 am
Yes, deny privileges will override whatever other rights you have granted.
I assume you are using Windows authentication for users to connect to the database, and you are using a domain. Grant table rights for the QA group for all statements (select, insert, update, etc). Grant only SELECT rights to the table for the Domain Users group. Those users not in the QA group will have those basic rights, and members of the the QA group, being also in Domain Users group, will have combined rights, which will be SELECT-rights (from Domain Users) and Select/Insert/Update/etc rights from QA group; so the net effect will be that they have the full rights from the QA group. There is no need to use Deny rights.
Hope this helps
Mark
June 29, 2007 at 10:42 am
Still having the same problem set it the way you suggested and any one can change the table. Am I overlooking something else you can think of.
kurt
Kurt Kracaw
July 2, 2007 at 11:57 am
Create two user-defined roles.
One should be for the normal company employee. GRANT that role SELECT rights against the table. Make all corresponding users a member of that role.
The second role should be for QA. Since this is a table, GRANT SELECT, INSERT, UPDATE, and DELETE rights for the table to the role. Make the users corresponding to QA members of this role.
This is probably the simplest approach.
K. Brian Kelley
@kbriankelley
July 13, 2007 at 9:37 am
Sorry it took so long to reply but had a long vaction and am just getting caught up. Thanks to all for the help this did the trick. I ended up dropping the groups and roles I created, created them again and it is working as needed. Maybe I missed something when I first created the groups and roles
Thanks
Kurt Kracaw
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply