REVOKE ability to GRANT

  • I want to revoke the ability for a particular user (who owns a schema) to grant permissions on objects in that schema to other users. How do I do this?

    From what I read I need to use the REVOKE [GRANT OPTION FOR] clause but I cannot get it to work and can't find a good example of this in regards to the schema.

    Tried this:

    revoke [GRANT OPTION FOR] on schema :: schema1 from user1

    Any assistance is welcome.

    Thanks!

  • Hi rocky,

    What I understand from the below link is that REVOKE doesn't cancel a GRANT. It doesn't block a GRANT. It removes a permission at the level specified to the security principal (user or role) specified. That's why we say it undoes a permission:

    http://www.mssqltips.com/sqlservertip/2894/understanding-grant-deny-and-revoke-in-sql-server/

    But even I am clueless on the solution 🙁

  • You cannot grant, deny or revoke permissions on an object to the object owner and by default the owner receives the CONTROL permission on the schema which means that they can grant permissions as they please on that object.

    If you really want to prevent this, then the only way to do this is to transfer the ownership to a different user using an ALTER AUTHORIZATION statement and grant the appropriate permissions to that user so they can carry out whatever tasks are appropriate.

    Follow me on twitter @EvoDBA. Check out my blog Natural Selection DBA
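The ownership transfer described in the last reply, as an added T-SQL example that is not part of the original thread. `schema1` and `user1` come from the question; `dbo` as the new owner and the particular permissions granted back are assumptions to adapt.

```sql
-- 1. Confirm who currently owns the schema.
SELECT s.name AS schema_name, dp.name AS owner_name
FROM sys.schemas AS s
JOIN sys.database_principals AS dp ON dp.principal_id = s.principal_id
WHERE s.name = N'schema1';

-- 2. Objects with an explicit owner (principal_id IS NOT NULL) do not follow
--    the schema owner; list any so they can be reviewed separately.
SELECT o.name AS object_name, dp.name AS explicit_owner
FROM sys.objects AS o
JOIN sys.database_principals AS dp ON dp.principal_id = o.principal_id
WHERE o.schema_id = SCHEMA_ID(N'schema1');

-- 3. Move ownership away from user1 (dbo is an assumed choice of new owner).
ALTER AUTHORIZATION ON SCHEMA::schema1 TO dbo;

-- 4. Give user1 only what the job needs. No WITH GRANT OPTION clause,
--    so these permissions cannot be passed on to other principals.
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON SCHEMA::schema1 TO user1;

-- 5. Verify: any schema-level permission user1 still holds with the
--    grant option shows up here (expect zero rows).
SELECT p.permission_name, p.state_desc
FROM sys.database_permissions AS p
WHERE p.class_desc = N'SCHEMA'
  AND p.major_id = SCHEMA_ID(N'schema1')
  AND p.grantee_principal_id = DATABASE_PRINCIPAL_ID(N'user1')
  AND p.state_desc = N'GRANT_WITH_GRANT_OPTION';

-- 6. Verify from user1's point of view: CONTROL on the schema should now be 0.
--    A result of 1 means user1 still gets CONTROL some other way, for example
--    through membership in db_owner.
EXECUTE AS USER = N'user1';
SELECT HAS_PERMS_BY_NAME(N'schema1', N'SCHEMA', N'CONTROL') AS has_control;
REVERT;
```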
