SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


REVOKE ability to GRANT


REVOKE ability to GRANT

Author
Message
rocky
rocky
SSC-Enthusiastic
SSC-Enthusiastic (160 reputation)SSC-Enthusiastic (160 reputation)SSC-Enthusiastic (160 reputation)SSC-Enthusiastic (160 reputation)SSC-Enthusiastic (160 reputation)SSC-Enthusiastic (160 reputation)SSC-Enthusiastic (160 reputation)SSC-Enthusiastic (160 reputation)

Group: General Forum Members
Points: 160 Visits: 246
I want to revoke the ability for a particular user (who owns a schema) to grant permissions on objects in that schema to other users. How do I do this?
From what I read I need to use the REVOKE [GRANT OPTION FOR] clause but I cannot get it to work and can't find a good example of this in regards to the schema.
Tried this:

revoke [GRANT OPTION FOR] on schema :: schema1 from user1

Any assistance is welcome.
Thanks!
rollercoaster43
rollercoaster43
SSC-Enthusiastic
SSC-Enthusiastic (125 reputation)SSC-Enthusiastic (125 reputation)SSC-Enthusiastic (125 reputation)SSC-Enthusiastic (125 reputation)SSC-Enthusiastic (125 reputation)SSC-Enthusiastic (125 reputation)SSC-Enthusiastic (125 reputation)SSC-Enthusiastic (125 reputation)

Group: General Forum Members
Points: 125 Visits: 435
Hi rocky,

What I understand from the below link is that REVOKE doesn't cancel a GRANT. It doesn't block a GRANT. It removes a permission at the level specified to the security principal (user or role) specified. That's why we say it undoes a permission :

http://www.mssqltips.com/sqlservertip/2894/understanding-grant-deny-and-revoke-in-sql-server/

But even I am clueless on the solution Sad
Matthew Darwin
Matthew Darwin
SSC-Addicted
SSC-Addicted (453 reputation)SSC-Addicted (453 reputation)SSC-Addicted (453 reputation)SSC-Addicted (453 reputation)SSC-Addicted (453 reputation)SSC-Addicted (453 reputation)SSC-Addicted (453 reputation)SSC-Addicted (453 reputation)

Group: General Forum Members
Points: 453 Visits: 875
You cannot grant, deny or revoke permissions on an object to the object owner and by default the owner receives the CONTROL permission on the schema which means that they can grant permissions as they please on that object.

If you really want to prevent this, then the only way to do this is to transfer the ownership to a different user using an ALTER AUTHORIZATION statement and grant the appropriate permissions to that user so they can carry out whatever tasks are appropriate.

Follow me on twitter @EvoDBA

Check out my blog Natural Selection DBA
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search