December 2, 2017 at 2:01 pm
We are ending a server in 2008 R2, but the users still need to access patient records. Simply setting the database to read only prevents their login entirely.
Is there a way to globally set the db_denydatawriter role and the db_datareader role without touch 1000 users individually?
Thanks!
Tom
December 3, 2017 at 6:01 am
can't you add a windows group a user, grant it db_datareader then set the database to read only?
then you can add the 1000 users to the user group, and they properly inherit the permissions to at least view the data.
with the additional benefit that even someone who has more rights cannot modify the data, since it's read only.
Lowell
December 4, 2017 at 9:35 am
You could try adding db_denydatawriter to the "guest" user. Not sure it would work, but it should be worth a try.
SQL DBA,SQL Server MVP(07, 08, 09) A socialist is someone who will give you the shirt off *someone else's* back.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply