SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Synonyms Permissions?


Synonyms Permissions?

Author
Message
david.ostrander
david.ostrander
Old Hand
Old Hand (384 reputation)Old Hand (384 reputation)Old Hand (384 reputation)Old Hand (384 reputation)Old Hand (384 reputation)Old Hand (384 reputation)Old Hand (384 reputation)Old Hand (384 reputation)

Group: General Forum Members
Points: 384 Visits: 692
Hello –

I’m on a project where I created two Synonyms I called TimeDataFetchCurrent and the other TimeDataFetchOld.

(Synonym) TimeDataFetchCurrent is referencing my table TimeDataFresh and (Synonym) TimeDataFetchOld is referencing table TDFB

Users are connecting within Excel to the database server and want them to only use TimeDataFetchCurrent . This way they can pull in the data and report off of it.

My question is there a way to lock down the tables and only have people see and choose the TimeDataFetchCurrent Synonym when setting this up? Didn’t know if I set the permissions Synonoym if they would carry over and give the table permission as well.

I attached a screenshot of what I was looking for.

Thoughts??

Regards,
D
Attachments
1-9-2012 11-45-44 AM.png (14 views, 30.00 KB)
Orlando Colamatteo
Orlando Colamatteo
SSC-Dedicated
SSC-Dedicated (37K reputation)SSC-Dedicated (37K reputation)SSC-Dedicated (37K reputation)SSC-Dedicated (37K reputation)SSC-Dedicated (37K reputation)SSC-Dedicated (37K reputation)SSC-Dedicated (37K reputation)SSC-Dedicated (37K reputation)

Group: General Forum Members
Points: 37050 Visits: 14411
From Metadata Visibility Configuration:

In SQL Server 2005, the visibility of metadata is limited to securables that a user either owns or on which the user has been granted some permission.


Synonyms are objects too, so they have permissions that belong to them separate from the objects they point to. If you REVOKE all permissions of the Database User you want to hide the Synonym from then the User will not see it in an object listing, at least not in SSMS Object Explorer. I do not have a testbed setup for your Excel use-case.

REVOKE SELECT ON dbo.TimeDataFetchOld TO user_to_hide_object_from ;



If it is still visible check for other permissions:

EXECUTE AS LOGIN = 'user_to_hide_object_from';
SELECT * FROM fn_my_permissions ( 'dbo.TimeDataFetchOld' , 'OBJECT' )
REVERT;



Edit:

PS Note that Role Membership also counts. The query above using fn_my_permissions will show you if the user has access, however if will not tell you whether it is via a direct GRANT or via Role Membership.

__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search