March 31, 2019 at 8:54 am
Under a particular database, I click on a user profile and check the properties. The database role of db_datareader is assigned. I had previously assigned the update permission to the 'employee' table too.
I logged out, then logged back in as the user in question. Under a employee table in the same database, I was able to assign the 'Update' permission. I was then able to change a value in the 'employee' table.
Updating a value is 'writing' (as opposed to reading). How could this user account write to a table within this database, when the database role only allows read only access?
March 31, 2019 at 2:42 pm
What other roles does the use in question have?
March 31, 2019 at 4:29 pm
For server roles, the user only has 'public.' For database roles the user has db_backupoperator and db_datareader.
March 31, 2019 at 4:37 pm
You stated you had previously granted update access to the user - once granted it will remain until explicitly revoked. So now this user has db_datareader role AND explicit update to the Employee table.
Jeffrey Williams
“We are all faced with a series of great opportunities brilliantly disguised as impossible situations.”
― Charles R. Swindoll
How to post questions to get better answers faster
Managing Transaction Logs
March 31, 2019 at 9:05 pm
I understand Update will be in effect until it is revoked. What I am wondering is how is it possible for the user to do a write operation on a table, when the user is assigned read-only access at the database level? I would think that any access assigned at the database level would cascade down to the tables, views and stored procedures within that database.
April 1, 2019 at 5:42 pm
Permissions are cumulative so somewhere along the lines, you have given the user permissions for the update - whether it's through role membership, membership in a windows group with permissions, individual permissions, permissions granted to public,etc.
So it's possible by having granted the permissions.
Sue
Viewing 6 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply
This website stores cookies on your computer.
These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media.
To find out more about the cookies we use, see our Privacy Policy