Group & user in group permission

  • Hello all,

    I have a problem with permission issue.

    I have added a group and set its permission to grant SELECT, deny INSERT/UPDATE/DELETE.

    However, there are users in this group that is supposed to have grant permission for SELECT/INSERT/UPDATE/DELETE.

    Is there an alternative way besides adding each user ID in the server?

    FYI, user ID are from Active Directory (windows login authentication).

  • Instead of deny INSERT/UPDATE/DELETE revoke those permissions. So the users which have been granted those right either individually or through some other group will be able to insert/update/delete, but those which are only mber of your group won't have permission to do so.

    Always be careful using DENY, because it will override any GRANT unless the user is member of the db_owner role.

    [font="Verdana"]Markus Bohse[/font]

  • Hello Marcus. Thanks for replying.

    I have revoke insert/delete/update to the group by clearing the appropriate box.

    But now all users in the group can edit the data in the tables, not only the users that I have marked 'tick' in the insert/delete/update box.

    How to prevent other users in the group from editing data?

  • I think the best option in your case is to create two groups. One group with select\update\insert and delete permissions and another one with only select. Then add the users who need write permissions to the first group and the users with only read permission to the second group.

    [font="Verdana"]Markus Bohse[/font]

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply