Re: General permission question

From: "Uri Dimant" <urid@xxxxxxxxxxx>
Date: Tue, 18 Dec 2007 13:45:04 +0200

Hi
It is because he has DENY permission on that table and it overrides
UPDATE/INSERT/DELETE. Take a look at application role in the BOL

"Snowmizer" <Snowmizer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E734951E-921A-4760-98B9-45497F835A6A@xxxxxxxxxxxxxxxx

Here's my scenario:

I have a user in my Active Directory. This user is a part of two different
groups in AD. These AD groups have a logon in my SQL Server 2005 database.
These two groups both have rights to a particular table in my database.
One
group has select only rights and the other has select, insert, update
rights
on the same table.

I have an application that is accessing this table (updating data in the
table). When my user tries to run this application they are getting a
message
that they don't have "Update" permissions on the table. This despite the
fact
that even though they are a member of the group that only has select
permissions they are also a member of the group that has select, insert,
and
update permissions.

I also have this same scenario on my SQL Server 2000 database and things
work fine.

My explanation for this is that SQL Server 2005 uses "most restrictive
permissions win". Is this accurate?

Thanks.

Prev by Date: Re: General permission question
Next by Date: Re: NT Authority\networkservice failed to connect
Previous by thread: Re: General permission question
Next by thread: Re: General permission question
Index(es):
- Date
- Thread

Relevant Pages

ADP, Application Role, and objects
... The above link is to an atricle on how to implement SQL Server Application ... After you connect with your ADP, fire a bit of code to set the ... third party tools to view the data on the same database. ... Scenario 1 - If I explicitly grant permissions on that object to the user ...
(microsoft.public.access.adp.sqlserver)
Re: db_denydatawriter
... perhaps this also gives read write access on the database to this user? ... Resrictive permissions overrides in its own level. ... However, if she has sysadmin right, then she'll be able to modify that data. ... Is it possible she has some admin rights which override DenyWriter (though ...
(microsoft.public.sqlserver.security)
Re: SQL Server 2005 Stored Procedure security annoyances
... stored proecedure on a database wide level? ... GRANT EXECUTE ON SCHEMA::MySchema TO MyRole ... I am sure I will forget some SP's and probably forget to set the rights ... permissions because not all stored procedures are equal. ...
(microsoft.public.sqlserver.security)
Re: Execute Persmission denied on object sp_OACreate
... > SQL Server is creating a job behind the scenes. ... > permissions. ... > SA account password and gaining access to the database. ... >>> How can get a user permissions to execute these stored procedures ...
(microsoft.public.sqlserver.security)
Re: Newbie: I dont understand user permissions for table access
... > My database is remote to my workstation. ... > tables/fields WITHOUT specifying anything in the permissions dialogs? ... >> HOW are you connecting to SQL Server? ... what rights/permissions have been granted to the PUBLIC role? ...
(microsoft.public.sqlserver.server)