What roles do I add to a new custom role, which will allow CRUD and execute on SP?


Rod
I want to create a new, custom role to my databases, to which I'll add users. This role will allow for normal CRUD operations on all tables, SELECT on views (I don't think I have any views that are updatable) and execute permissions on user defined stored procedures. What system defined roles should I add to this custom role, that will do what I need?

Kindest Regards,Rod
Bhuvnesh
This will help you: http://msdn.microsoft.com/library/ms189121.aspx

-------Bhuvnesh----------
I work only to learn Sql Server...though my company pays me for getting their stuff done;-)
GilaMonster
Data reader and data writer, then you'll have to grant execute on either the schema or the database as there's no system role that gives just that.

Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass


Rod
OK, Bhuvnesh and Gail, I've created a new role, but adding db_datareader and db_datawriter has me stumped. I've tried doing it through the SSMS GUI, but it won't let me, as it doesn't see any of the fixed database roles, which honestly I don't understand why it says "users and roles" and then it doesn't show you them. So I looked for more help and came across this thread here on SSC from 2010:

http://www.sqlservercentral.com/Forums/Topic995894-146-1.aspx

In that thread Lowell used the ALTER AUTHORIZATION ON SCHEMA command, but if I understand that correctly that gave his new role MyRole ownership of the schema. That isn't what I want. I'd rather add db_datareader and db_datawriter roles to my new custom role, on any schema within the database. (Besides dbo I've got another schema named MgmtReports with a few tables I want to grant access to my new custom role.) So, what are the correct commands to use, please?

Kindest Regards,Rod
GilaMonster
Grant those roles to the user, you can't afaik nest roles.

Gail Shaw
Rod
GilaMonster (9/27/2013)
Grant those roles to the user, you can't afaik nest roles.


Hi Gail,

I'm confused, I'm sorry. I thought that the MSDN article that Bhuvnesh pointed to said that you could create custom roles and add fixed roles to them. I see you mean granting my new custom role to the user account I want to. But can I still add the db_datareader and db_datawriter roles to my custom role? Or do I grant db_datareader/writer to my custom role?

Kindest Regards,Rod
GilaMonster
Ok, so you can nest roles. So you'd add db_datareader and db_datawriter to your custom role.

Gail Shaw
Rod
Thank you, Gail, for your answer. Now I'm trying to work out the correct syntax. It looks as though I should use the GRANT statement. I've created a custom role called NormalUsers, and I'm trying to add the db_datareader role to NormalUsers. This was the syntax I used:

GRANT db_datareader TO ROLE::NormalUsers TO AdventureWorks



But that doesn't work. When I run the above statement I get this error:

"Incorrect syntax near 'db_datareader'."

What have I done wrong?

Kindest Regards,Rod
GilaMonster
GRANT is for granting permissions to a role, user or login, not for adding a role, user or login as a member of a role.

From BoL
sp_addrolemember (Transact-SQL)

Adds a database user, database role, Windows login, or Windows group to a database role in the current database.


Gail Shaw
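
The setup discussed in this thread, written out as an added example (not code posted by any participant). It uses the NormalUsers role, the dbo and MgmtReports schemas and the AdventureWorks database named in the posts; AppUser01 is a hypothetical, already existing database user.

```sql
-- Added example. Run as a member of db_owner or db_securityadmin.
USE AdventureWorks;   -- database name from the post; MgmtReports is assumed to exist in it
GO

-- Create the custom role if it is not there yet.
IF DATABASE_PRINCIPAL_ID('NormalUsers') IS NULL
    CREATE ROLE NormalUsers;
GO

-- Nesting direction: the custom role becomes a MEMBER OF the fixed role.
-- sp_addrolemember takes (role being joined, new member).
EXEC sp_addrolemember 'db_datareader', 'NormalUsers';
EXEC sp_addrolemember 'db_datawriter', 'NormalUsers';
-- Equivalent on SQL Server 2012 and later:
--   ALTER ROLE db_datareader ADD MEMBER NormalUsers;

-- No fixed database role carries only EXECUTE, so grant it per schema.
GRANT EXECUTE ON SCHEMA::dbo         TO NormalUsers;
GRANT EXECUTE ON SCHEMA::MgmtReports TO NormalUsers;

-- Least-privilege alternative to the two fixed roles, which cover every
-- table and view in every schema of the database, including future ones:
--   GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON SCHEMA::dbo         TO NormalUsers;
--   GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON SCHEMA::MgmtReports TO NormalUsers;

-- Put a user into the custom role (AppUser01 is hypothetical).
EXEC sp_addrolemember 'NormalUsers', 'AppUser01';
GO

-- Check 1: which roles NormalUsers belongs to, and who belongs to NormalUsers.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = 'NormalUsers' OR r.name = 'NormalUsers';

-- Check 2: explicit schema-level permissions held by NormalUsers.
SELECT pr.name AS grantee, pe.state_desc, pe.permission_name,
       SCHEMA_NAME(pe.major_id) AS schema_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = 'NormalUsers' AND pe.class_desc = 'SCHEMA';
```

Check 1 should list db_datareader and db_datawriter with NormalUsers as the member; Check 2 should show GRANT EXECUTE on both schemas.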