|
All, Can a user with the db_datareader and db_datawriter access drop or or alter a contraint??
(comments are locked)
|
|
Take a look at the fixed db roles in books online: http://msdn.microsoft.com/en-us/library/ms189612(v=SQL.100).aspx The roles grant select, insert and delete along with view database, nothing to do with DDL though. You will need to take a look at maybe granting access on an object level, or maybe the DDL Admin fixed role, although that allows alot more than just constraints.
(comments are locked)
|
|
No. If a user has such ability and you're thinking they only have db_datareader and db_datawriter, check to see if they are coming into the database with a Windows group. Also check to see if they have explicit permissions granted that permit them to create tables or alter the schema containing the tables. Use the sp_helprotect stored procedure in SQL Server 2000 or query the sys.database_permissions catalog view in SQL Server 2005/2008/2008R2.
(comments are locked)
|
|
Like there are db_denydatareader and db_denydatawriter fixed roles which given to an individual user would override roles inherited from Windows Groups, I'd like to see a db_denyddladmin fixed role, to solve the scenario: "Allow everyone in the Windows group Statistic Creators except user A and user B to create new views, alter table A, table B and table C"
(comments are locked)
|
