Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

What roles do I add to a new custom role, which will allow CRUD and execute on SP? Expand / Collapse
Author
Message
Posted Wednesday, September 25, 2013 10:06 AM
Right there with Babe

Right there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with Babe

Group: General Forum Members
Last Login: Friday, June 20, 2014 8:23 AM
Points: 738, Visits: 1,305
I want to create a new, custom role to my databases, to which I'll add users. This role will allow for normal CRUD operations on all tables, SELECT on views (I don't think I have any views that are updatable) and execute permissions on user defined stored procedures. What system defined roles should I add to this custom role, that will do what I need?

Kindest Regards,

Rod
Connect with me on LinkedIn.
Post #1498469
Posted Thursday, September 26, 2013 5:00 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Tuesday, October 21, 2014 2:36 AM
Points: 2,840, Visits: 3,970
This wil help you http://msdn.microsoft.com/library/ms189121.aspx

-------Bhuvnesh----------
I work only to learn Sql Server...though my company pays me for getting their stuff done
Post #1498763
Posted Thursday, September 26, 2013 5:05 AM


SSC-Forever

SSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-Forever

Group: General Forum Members
Last Login: Today @ 3:57 AM
Points: 40,205, Visits: 36,612
Data reader and data writer, then you'll have to grant execute on either the schema or the database as there's no system role that gives just that.


Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1498765
Posted Friday, September 27, 2013 9:47 AM
Right there with Babe

Right there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with Babe

Group: General Forum Members
Last Login: Friday, June 20, 2014 8:23 AM
Points: 738, Visits: 1,305
OK, Bhuvnesh and Gail, I've created a new role, but adding db_datareader and db_datawriter has me stumped. I've tried doing it through the SSMS GUI, but it won't let me, as it doesn't see any of the fixed database roles, which honestly I don't understand why it says "users and roles" and then it doesn't show you them. So I looked for more help and came across this thread here on SSC from 2010:

http://www.sqlservercentral.com/Forums/Topic995894-146-1.aspx

In that thread Lowell used the ALTER AUTHORIZATION ON SCHEMA command, but if I understand that correctly that gave his new role MyRole ownership of the schema. That isn't what I want. I'd rather add db_datareader and db_datawriter roles to my new custom role, on any schema within the database. (Besides dbo I've got another schema named MgmtReports with a few tables I want to grant access to my new custom role.) So, what is the correct commands do I use, please?


Kindest Regards,

Rod
Connect with me on LinkedIn.
Post #1499477
Posted Friday, September 27, 2013 9:51 AM


SSC-Forever

SSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-Forever

Group: General Forum Members
Last Login: Today @ 3:57 AM
Points: 40,205, Visits: 36,612
Grant those roles to the user, you can't afaik nest roles.


Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1499484
Posted Friday, September 27, 2013 12:54 PM
Right there with Babe

Right there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with Babe

Group: General Forum Members
Last Login: Friday, June 20, 2014 8:23 AM
Points: 738, Visits: 1,305
GilaMonster (9/27/2013)
Grant those roles to the user, you can't afaik nest roles.


Hi Gail,

I'm confused, I'm sorry. I thought that the MSDN article that Bhuvnesh pointed to said that you could create custom roles and add fixed roles to them. I see you mean granting my new custom role to the user account I want to. But can I still add the db_datareader and db_datawriter roles to my custom roll? Or do I grant db_datareader/writer to my custom role?


Kindest Regards,

Rod
Connect with me on LinkedIn.
Post #1499555
Posted Friday, September 27, 2013 4:05 PM


SSC-Forever

SSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-Forever

Group: General Forum Members
Last Login: Today @ 3:57 AM
Points: 40,205, Visits: 36,612
Ok, so you can nest roles. So you'd add db_datareader and db_datawriter to your custom role.


Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1499609
Posted Monday, September 30, 2013 8:12 AM
Right there with Babe

Right there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with Babe

Group: General Forum Members
Last Login: Friday, June 20, 2014 8:23 AM
Points: 738, Visits: 1,305
Thank you, Gail, for your answer. Now I'm trying to work out the correct syntax. It looks as though I should use the GRANT statement. I've created a custom role called NormalUsers, and I'm trying to add the db_datareader role to NormalUsers. This was the syntax I used:

GRANT db_datareader TO ROLE::NormalUsers TO AdventureWorks

But that doesn't work. When I run the above statement I get this error:

"Incorrect syntax near 'db_datareader'."

What have I done wrong?


Kindest Regards,

Rod
Connect with me on LinkedIn.
Post #1500018
Posted Monday, September 30, 2013 8:21 AM


SSC-Forever

SSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-Forever

Group: General Forum Members
Last Login: Today @ 3:57 AM
Points: 40,205, Visits: 36,612
GRANT is for granting permissions to a role, user or login, not for adding a role, user or login as a member of a role.

From BoL
sp_addrolemember (Transact-SQL)

Adds a database user, database role, Windows login, or Windows group to a database role in the current database.




Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1500025
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse