Home Forums SQL Server 2005 Administering Minimum rights required. RE: Minimum rights required.

  • April 14, 2010 at 5:56 am

    #1151250

    Into "all" tables. Does this include the system tables?

    I would do this with two logins.

    One login would have DDLAdmin, datareader, datawriter and this login would exist only in DEV.

    For the 2nd login, I would create a role and assign the appropriate permissions. This login would be used by the application or users.

    Select on user tables

    Execute on sprocs and functions

    I would control the access to all of the user tables via the sprocs. I probably would NOT grant "datawriter" to this role because permissions should always be granted minimally and the user/application probably doesn't need to "write" to all tables.

    Now if you're just looking for the easy way, the answer is:

    DDLAdmin

    Datareader

    datawriter

    Depending on the schema the sproc is created with, you'll probably need to grant "exec" on the sprocs and functions

    DBOwner will take care of the execute as well but again I wouldn't recommend this.