Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

REVOKE ability to GRANT Expand / Collapse
Author
Message
Posted Thursday, April 11, 2013 12:08 PM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Thursday, June 19, 2014 9:38 AM
Points: 92, Visits: 240
I want to revoke the ability for a particular user (who owns a schema) to grant permissions on objects in that schema to other users. How do I do this?
From what I read I need to use the REVOKE [GRANT OPTION FOR] clause but I cannot get it to work and can't find a good example of this in regards to the schema.
Tried this:

revoke [GRANT OPTION FOR] on schema :: schema1 from user1

Any assistance is welcome.
Thanks!
Post #1441409
Posted Monday, April 15, 2013 3:38 AM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Wednesday, August 13, 2014 5:27 AM
Points: 61, Visits: 407
Hi rocky,

What I understand from the below link is that REVOKE doesn't cancel a GRANT. It doesn't block a GRANT. It removes a permission at the level specified to the security principal (user or role) specified. That's why we say it undoes a permission :

http://www.mssqltips.com/sqlservertip/2894/understanding-grant-deny-and-revoke-in-sql-server/

But even I am clueless on the solution
Post #1442225
Posted Thursday, May 23, 2013 9:26 AM


SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Yesterday @ 8:28 AM
Points: 146, Visits: 630
You cannot grant, deny or revoke permissions on an object to the object owner and by default the owner receives the CONTROL permission on the schema which means that they can grant permissions as they please on that object.

If you really want to prevent this, then the only way to do this is to transfer the ownership to a different user using an ALTER AUTHORIZATION statement and grant the appropriate permissions to that user so they can carry out whatever tasks are appropriate.
Post #1456054
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse