开发者

Permission required to view list of tables in Management Studio

开发者 https://www.devze.com 2022-12-10 20:59 出处:网络
I searched SO for a pertinent question existing already but couldn\'t find one. I am setting up a Read-only database role for a few databases in our server farm. Here is a sample of the permissions f

I searched SO for a pertinent question existing already but couldn't find one.

I am setting up a Read-only database role for a few databases in our server farm. Here is a sample of the permissions for one table:

GRANT SELECT ON [dbo].[Table] TO [ReadOnly]
GRANT VIEW DEFINITION ON [dbo].[Table] TO [ReadOnly]
DENY ALTER ON [dbo].[Table] TO [ReadOnly]
DENY CONTROL ON [dbo].[Table] TO [ReadOnly]
DENY DELETE ON [dbo].[Table] TO [ReadOnly]
DENY INSERT ON [dbo].[Table] TO [ReadOnly]
DENY REFERENCES ON [dbo].[Table] TO [ReadOnly]
DENY TAKE OWNERSHIP ON [dbo].[Table] TO [ReadOnly]
DENY UPDATE ON [dbo].[Table] TO [ReadOnly]

This works as intended for the SELECT permissions...I'm able to ONLY SELECT data, which is exactky what I want.

However, I cannot see the list of tables in the "Tables" tab for the specified database in Management Studio. My goal with this user is to provide some users that are unfamiliar with SQL a login they 开发者_高级运维can use to pull data and start experimenting with SQL. These users are experienced with SAS, a statistical processing language, so they have some experience working with code but not so much specifically in SQL.

Which of those permissions will show the list of tables in Management Studio?


Granting any permission and view definition is all you need, however you're also explicitly DENYing inheritable permissions from the same user (DENY always overrides a GRANT). If you simply do not GRANT the permission, they will not have it (alternatively, you can REVOKE rather than DENY, which does not explicitly override a GRANT). If you change your DENY's to REVOKE in the above script, your users will be able to list/view the objects in SSMS.


This is not the answer to the question - but it do what you need to do:

use the DB_DataReader Role - for the user you want to be read only. then if you need to further hide some tables from him - just deal with them.

0

精彩评论

暂无评论...
验证码 换一张
取 消