September 25, 2013 at 10:06 am
I want to create a new, custom role to my databases, to which I'll add users. This role will allow for normal CRUD operations on all tables, SELECT on views (I don't think I have any views that are updatable) and execute permissions on user defined stored procedures. What system defined roles should I add to this custom role, that will do what I need?
Kindest Regards, Rod Connect with me on LinkedIn.
September 26, 2013 at 5:00 am
This wil help you http://msdn.microsoft.com/library/ms189121.aspx
-------Bhuvnesh----------
I work only to learn Sql Server...though my company pays me for getting their stuff done;-)
September 26, 2013 at 5:05 am
Data reader and data writer, then you'll have to grant execute on either the schema or the database as there's no system role that gives just that.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
September 27, 2013 at 9:47 am
OK, Bhuvnesh and Gail, I've created a new role, but adding db_datareader and db_datawriter has me stumped. I've tried doing it through the SSMS GUI, but it won't let me, as it doesn't see any of the fixed database roles, which honestly I don't understand why it says "users and roles" and then it doesn't show you them. So I looked for more help and came across this thread here on SSC from 2010:
http://www.sqlservercentral.com/Forums/Topic995894-146-1.aspx
In that thread Lowell used the ALTER AUTHORIZATION ON SCHEMA command, but if I understand that correctly that gave his new role MyRole ownership of the schema. That isn't what I want. I'd rather add db_datareader and db_datawriter roles to my new custom role, on any schema within the database. (Besides dbo I've got another schema named MgmtReports with a few tables I want to grant access to my new custom role.) So, what is the correct commands do I use, please?
Kindest Regards, Rod Connect with me on LinkedIn.
September 27, 2013 at 9:51 am
Grant those roles to the user, you can't afaik nest roles.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
September 27, 2013 at 12:54 pm
GilaMonster (9/27/2013)
Grant those roles to the user, you can't afaik nest roles.
Hi Gail,
I'm confused, I'm sorry. I thought that the MSDN article that Bhuvnesh pointed to said that you could create custom roles and add fixed roles to them. I see you mean granting my new custom role to the user account I want to. But can I still add the db_datareader and db_datawriter roles to my custom roll? Or do I grant db_datareader/writer to my custom role?
Kindest Regards, Rod Connect with me on LinkedIn.
September 27, 2013 at 4:05 pm
Ok, so you can nest roles. So you'd add db_datareader and db_datawriter to your custom role.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
September 30, 2013 at 8:12 am
Thank you, Gail, for your answer. Now I'm trying to work out the correct syntax. It looks as though I should use the GRANT statement. I've created a custom role called NormalUsers, and I'm trying to add the db_datareader role to NormalUsers. This was the syntax I used:
GRANT db_datareader TO ROLE::NormalUsers TO AdventureWorks
But that doesn't work. When I run the above statement I get this error:
"Incorrect syntax near 'db_datareader'."
What have I done wrong?
Kindest Regards, Rod Connect with me on LinkedIn.
September 30, 2013 at 8:21 am
GRANT is for granting permissions to a role, user or login, not for adding a role, user or login as a member of a role.
From BoL
sp_addrolemember (Transact-SQL)
Adds a database user, database role, Windows login, or Windows group to a database role in the current database.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply