Re: DENY ALL for all tables
From: Cindy Gross (cgross@online.microsoft.com)
Date: 08/15/02
- Next message: Cindy Gross: "RE: SQL Server Security Question"
- Previous message: Cindy Gross: "RE: Linked Server problem with Informix ODBC driver"
- In reply to: Andrew J. Kelly: "Re: DENY ALL for all tables"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: cgross@online.microsoft.com (Cindy Gross (MS)) Date: Thu, 15 Aug 2002 01:02:24 GMT
If you don't want your users to be able to read from all tables in the databaes, then don't add them to the db_datareader role. Instead, grant select to the tables
you do want them to have access to.
Example:
use tempdb
exec sp_addlogin new
exec sp_adduser new
exec sp_addrole sqlreaders
grant create table to new
go
setuser 'new'
go
create table table1 (col1 int not null)
go
setuser
go
grant select on new.table1 to SQLREADERS
exec sp_helprotect 'new.table1'
go
drop table new.table1
sp_dropuser new
sp_droprole sqlreaders
sp_droplogin new
Cindy Gross, MCDBA, MCSE
http://cindygross.tripod.com
This posting is provided "AS IS" with no warranties, and confers no rights.
- Next message: Cindy Gross: "RE: SQL Server Security Question"
- Previous message: Cindy Gross: "RE: Linked Server problem with Informix ODBC driver"
- In reply to: Andrew J. Kelly: "Re: DENY ALL for all tables"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
