User Permissions

  • I am having a problem with permission's. I have a SQL table that I want only one group of people to have full control over and the rest of the company should have read only rights. When I deny write privileges to the group domain user and give full control privileges to the QA group it appears that the deny overrides the permission's given. Can somebody help me out with this. I need our quality group to have full control , read, write, select and insert... While the rest of the company should only have read access. I'm rather new to permission's and can't seem to find the answer I need. ANy direction would be appreciated

    Regards Kurt

    Kurt Kracaw

  • Yes, deny privileges will override whatever other rights you have granted.

    I assume you are using Windows authentication for users to connect to the database, and you are using a domain.  Grant table rights for the QA group for all statements (select, insert, update, etc).  Grant only SELECT rights to the table for the Domain Users group.  Those users not in the QA group will have those basic rights, and members of the the QA group, being also in Domain Users group, will have combined rights, which will be SELECT-rights (from Domain Users) and Select/Insert/Update/etc rights from QA group; so the net effect will be that they have the full rights from the QA group.  There is no need to use Deny rights.

    Hope this helps



    Mark

  • Still having the same problem set it the way you suggested and any one can change the table. Am I overlooking something else you can think of.

    kurt

    Kurt Kracaw

  • Create two user-defined roles.

    One should be for the normal company employee. GRANT that role SELECT rights against the table. Make all corresponding users a member of that role.

    The second role should be for QA. Since this is a table, GRANT SELECT, INSERT, UPDATE, and DELETE rights for the table to the role. Make the users corresponding to QA members of this role.

    This is probably the simplest approach.

    K. Brian Kelley
    @kbriankelley

  • Sorry it took so long to reply but had a long vaction and am just getting caught up. Thanks to all for the help this did the trick. I ended up dropping the groups and roles I created, created them again and it is working as needed. Maybe I missed something when I first created the groups and roles

    Thanks

    Kurt Kracaw

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply