December 6, 2004 at 9:24 am
We have several logins that we use in scripts and DTS Packages to perform certain DDL on tables. We have the need to have some logins truncate tables, therefore, that login needs to belong to the db_ddladmin role. We are worried about security risks with that login being able to truncate all the tables on the database. Is there a way to allow the login to only truncate certain tables??
Thanks in Advance!
December 6, 2004 at 9:40 am
can't you create a sp that does the truncating job and then grant to that sp only when needed to only the users that need to execute it?
December 6, 2004 at 10:54 am
The stored procedure is a good idea since it would only truncate the table specified in the stored proc. We have DTS Packages that run throughout the day to truncate and reload several tables. Also, we have applications that create temp tables and then truncate those temp tables, which is another issue...
December 6, 2004 at 11:16 am
I don't see the issue.. if the application can create/truncate it then they "should be able to" destroy it (unless denied permission is in place). But that's why stuff like that should be on the server using SPs or dts, so the user only need to have access to the SP and not to create and delete tables.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply