October 12, 2009 at 7:46 am
Dear All,
Am trying to find the minimum Server and database role i have to use to assign permissions for a windows group and logins in the group to Read Only and Export Data from the database. We are using Windows 2008 Standard Edition SP1.
Thanks,
Jedd.
October 12, 2009 at 9:12 am
Well, the login will need logon rights and then the logon will need to be mapped to a user in the desired database(s) and they will need select rights on any tables/views that the data will need to be exported from.
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
October 12, 2009 at 11:58 am
Thanks, Jack!
I followed the recommendation and did the below steps in my test environment. Wanted to make sure if these steps assure me that I have given the minumum permission to only read and export data from the database for the new group.
1. I have created the group in AD and made it member of DOMAIN USERS.
2. Added the group to SQL Server with PUBLIC role.
3 Added the group to the Database
- No default schema assigned
- Doesn't own a schema
- Has a DATA READER database Role.
Thanks,
Jedd.
October 12, 2009 at 12:04 pm
Glad I could help. I' recommend against using the datareader role. That means that hey can query any table withing the database, even ones that may be created later. I'd recommend creating a custom role and granting select permissions only on those tables needed.
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
Viewing 4 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply
This website stores cookies on your computer.
These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media.
To find out more about the cookies we use, see our Privacy Policy