Minimum permission for Reading and Exporting data from SQL Server 2008 database.

  • yabay

    Mr or Mrs. 500

    Points: 595

    Dear All,

    Am trying to find the minimum Server and database role i have to use to assign permissions for a windows group and logins in the group to Read Only and Export Data from the database. We are using Windows 2008 Standard Edition SP1.

    Thanks,

    Jedd.

  • Jack Corbett

    SSC Guru

    Points: 184359

    Well, the login will need logon rights and then the logon will need to be mapped to a user in the desired database(s) and they will need select rights on any tables/views that the data will need to be exported from.


    Jack Corbett Consultant Straight Path Solutions Dont let the good be the enemy of the best. -- Paul FlemingAt best you can say that one job may be more secure than another, but total job security is an illusion. -- Rod at workCheck out these links on how to get faster and more accurate answers: Forum Etiquette: How to post data/code on a forum to get the best helpNeed an Answer? Actually, No ... You Need a QuestionHow to Post Performance Problems[/url]Crosstabs and Pivots or How to turn rows into columns Part 1[/url][url url=http://www.sqlservercent

  • yabay

    Mr or Mrs. 500

    Points: 595

    Thanks, Jack!

    I followed the recommendation and did the below steps in my test environment. Wanted to make sure if these steps assure me that I have given the minumum permission to only read and export data from the database for the new group.

    1. I have created the group in AD and made it member of DOMAIN USERS.

    2. Added the group to SQL Server with PUBLIC role.

    3 Added the group to the Database

    - No default schema assigned

    - Doesn't own a schema

    - Has a DATA READER database Role.

    Thanks,

    Jedd.

  • Jack Corbett

    SSC Guru

    Points: 184359

    Glad I could help. I' recommend against using the datareader role. That means that hey can query any table withing the database, even ones that may be created later. I'd recommend creating a custom role and granting select permissions only on those tables needed.


    Jack Corbett Consultant Straight Path Solutions Dont let the good be the enemy of the best. -- Paul FlemingAt best you can say that one job may be more secure than another, but total job security is an illusion. -- Rod at workCheck out these links on how to get faster and more accurate answers: Forum Etiquette: How to post data/code on a forum to get the best helpNeed an Answer? Actually, No ... You Need a QuestionHow to Post Performance Problems[/url]Crosstabs and Pivots or How to turn rows into columns Part 1[/url][url url=http://www.sqlservercent

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply