SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


reader role for user define db role brain freeze


reader role for user define db role brain freeze

Author
Message
tcronin 95651
tcronin 95651
SSCrazy
SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)

Group: General Forum Members
Points: 2441 Visits: 616
Ok trying to clean up security at new job. Helpdesk group needs read only access to a database along with the ability to update and delete records in one table. So I define the extendable security for the update/delete, thats easy, isnt' there a way to add the db_datareader option to this role
Erland Sommarskog
Erland Sommarskog
SSChampion
SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)

Group: General Forum Members
Points: 10050 Visits: 879
EXEC sp_addrolemember 'db_datareader', 'DOMAIN\HELPDESKGROUP'
GRANT UPDATE, DELETE ON onespecifictable TO [DOMAIN\HELPDESKGROUP]



Erland Sommarskog, SQL Server MVP, www.sommarskog.se
tcronin 95651
tcronin 95651
SSCrazy
SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)

Group: General Forum Members
Points: 2441 Visits: 616
i believe this adds read only functionality to a windows/ad group which is ok. What I was looking at doing was this

Add windows\ad group helpdesk as a login.
Give it public access to database
create a user defined database role that has the read only rights and the one table update
add this wind\ad group login to the user defined database role

AM I missing something
Erland Sommarskog
Erland Sommarskog
SSChampion
SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)

Group: General Forum Members
Points: 10050 Visits: 879
Of course you could do that. Your requirement was not clear to me.

CREATE LOGIN [DOMAIN\Helpdeskgroup] FROM WINDOWS
go
USE Helpdeskdb
go
CREATE USER [Domain\Helpdeskgroup]
CREATE ROLE Helpdeskrole
EXEC sp_addrolemember Helpdeskrole, 'Domain\Helpdeskgroup'
EXEC sp_addrolemember db_datareader, Helpdeskrole
GRANT UPDATE, DELETE ON Helpdeskrole



If you are on SQL 2012, use ALTER ROLE ADD MEMBER rather than sp_addrolemember.

Erland Sommarskog, SQL Server MVP, www.sommarskog.se
tcronin 95651
tcronin 95651
SSCrazy
SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)

Group: General Forum Members
Points: 2441 Visits: 616
not a brain freeze, user told me error said did not have access, went to desk of user executing sql against master................
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum







































































































































































SQLServerCentral


Search