July 31, 2008 at 3:43 pm
Folks:
Are permissions within SQL cumulative? In other words, suppose userA is in a groupA and groupB. groupA is given read only access and groupB is given write access. Does userA get the cumulative net of these rights and therefore have write access?
Thanks !
July 31, 2008 at 4:03 pm
"The effective permissions on an object granted to a member of more than one role are the cumulative permissions of the roles, although a denied permissions in one role has precedence over the same permissions granted in another role. For example, the admin role may grant access to a table while the authors role denies access to the same table. A member of both roles is denied access to the table, because denied access is the most restrictive." Quote from link....
http://msdn.microsoft.com/en-us/library/aa163982(office.10).aspx
So, if you are not including any deny permissions in these two roles then the role with the most access would be what that user has.
David
@SQLTentmaker“He is no fool who gives what he cannot keep to gain that which he cannot lose” - Jim Elliot
Viewing 2 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply