Re: Complete Neophyte Question(s)



James,

I do not see a way around this through SQL security settings.
Interestingly, if I:

GRANT ALTER ON SCHEMA::DBO TO MyUser
GRANT CREATE TABLE TO MyUser
REVOKE CREATE VIEW FROM MyUser

I can create a dbo.Table, but I cannot create a dbo.View. However, I can
ALTER an existing dbo.View, etc.

There is no way that I can see to work around this, either, since the
following are not valid:
REVOKE ALTER VIEW FROM MyUser
GRANT CREATE ON SCHEMA::DBO TO RFIELDS3

So, if you want users to be able to create their own views and not be able
touch the main system views, their stuff will need to be in its own schema.
If you grant all users ALTER on the same schema, they will be able to
manipulate each other's views.

An alternative is to have them develop their views on a development
database, then submit them to a controlling authority (DBA, etc) to apply to
production. But that is administrative overhead.

RLF



"James" <minorkeys@xxxxxxxxx> wrote in message
news:erJYjixwHHA.4568@xxxxxxxxxxxxxxxxxxxxxxx
One remaining question. Needed to grant a user permission to create views
within the dbo schema. All of our objects in this database are within the
dbo schema. I granted them CREATE VIEW at the database level. They
didn't have permissions for the dbo schema so the Create View statement
failed. The only way I found I was able to get them the permissions they
needed to create a view within the dbo schema was to grant them ALTER
permissions. Consequently this allows them basically full control over the
database. What's the solution here? I'd really prefer to not have
multiple schemas for this particular database.



.



Relevant Pages