Re: alter view permissions

From: Dan Guzman (guzmanda_at_nospam-online.sbcglobal.net)
Date: 03/23/05

• Next message: David: "Web and SQL Security"
• Previous message: Dan Guzman: "Re: Failed login MyMachine\ASPNET"
• In reply to: Gabriel: "Re: alter view permissions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 23 Mar 2005 07:24:57 -0600

One method is to grant CREATE permissions to the user. This will allow the
user to create/alter/drop objects that they own but not objects owned by
other users. You can then change ownership of the view in question to a
different user so that it can't be modified. Other users will need to
owner-qualify object names.

Another approach, which IMHO is better, is to employ a separate database for
those objects you don't want to user to modify. The user can then
db_ddladmin role member in your current database but not in the database
containing the sensitive objects.

-- 
Hope this helps.
Dan Guzman
SQL Server MVP
"Gabriel" <anonymous@discussions.microsoft.com> wrote in message 
news:0bbe01c52fa6$ff2468e0$a601280a@phx.gbl...
> Thanks, I have not mentioned about ability to also create
> new views, stored procedures etc. This actions are not
> permited with db_datawriter role. Any ideas? :)
>
>>-----Original Message-----
>>Hi
>>Add him to db_datawriter database role but remove him
> from ddladmin db role
>>
>>
>>
>>"Gabriel" <anonymous@discussions.microsoft.com> wrote in
> message
>>news:125c01c52f94$9b7e2d10$a501280a@phx.gbl...
>>> Hello,
>>>
>>>  pls help, how can I remove alter view permission for
>>> user who is member of ddladmin db role, select and
> update
>>> queries shoud remain permited. The user should be able
> to
>>> edit all other views, stored procedures etc, except
> this
>>> one view.
>>>
>>> thank you for help
>>
>>
>>.
>> 

• Next message: David: "Web and SQL Security"
• Previous message: Dan Guzman: "Re: Failed login MyMachine\ASPNET"
• In reply to: Gabriel: "Re: alter view permissions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Execute Persmission denied on object sp_OACreate ... SQL Server doesn't check permissions on indirectly referenced objects as ... You can prevent ad-hoc execution of powerful master database procs while ... >I have a user who has execute permissions on a store procedure in a>database> which in turns executes 4 stored procedures in the master database. ... (microsoft.public.sqlserver.security) Re: List Users Permissions down to table.column action ... THIS STORED PROCEDURE GENERATES COMMANDS ... -- FIXED PROBLEMS WITH STATEMENT LEVEL PERMISSIONS GRANTING. ... -- CREATE TABLE TO HOLD LIST OF USERS IN CURRENT DATABASE ... -- GRANT USER ACCESS TO SERVER ROLES ... (microsoft.public.sqlserver.security) Re: User access on a company intranet ... Yes they need full permissions on the folder where the backend is. ... You wouldn't need to do this in your copy of the database. ... However you can toggle the shiftkey bypass from another mdb file. ... When you want to implement security, you create a new mdw file, ... (microsoft.public.access.security) Re: Active directory corruption ... During an installation of PHP I accidentally changed permissions for the ... Active Directory database is unavailable because it is damaged, ... Open a command prompt and run NTDSUTIL to verify the paths for the ... (microsoft.public.windows.server.sbs) Re: Active directory corruption ... default web site and copied the permissions to all the child ... as it may not be the database that is the problem. ... prompt, use the ESENTUTL to check the integrity of the database. ... To recover the database type the following at the command prompt: ... (microsoft.public.windows.server.sbs)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint