question

artistlover avatar image
artistlover asked

security user roles

I need to break down in basic English what each role does and does not do so we can try to lock down databases. Anyone know of anything already out there somewhere for end user not what is on msdb?
roles
5 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

artistlover avatar image artistlover commented ·
What would be programmer that can create stored procedure but not delete at all.
0 Likes 0 ·
Dave_Green avatar image Dave_Green ♦ artistlover commented ·
There isn't a predefined role for what you're asking - and so you need to grant the permission manually (or you could create a group and grant the permission to the group). If they are using a schema which they own, then use GRANT CREATE PROCEDURE TO . If they're using dbo however then the situation is a little more complicated - see http://www.sqlservercentral.com/Forums/Topic990818-359-1.aspx and http://bytes.com/topic/sql-server/answers/538879-create-procedure-permission-only for more information.
0 Likes 0 ·
artistlover avatar image artistlover commented ·
What role would allow users to write views and change data but NOT change db objects (delete columns, change data types, delete tables)
0 Likes 0 ·
artistlover avatar image artistlover artistlover commented ·
ok i'm getting there. using grant and revoke. When giving grant create stored procedures it allows them to delete them also. So that isn't what i wanted.
0 Likes 0 ·
artistlover avatar image artistlover artistlover commented ·
I have this user correct except they can still delete. I've tried deny delete command, i have clicked deny in premissions section of the database, i have clicked on user in the database and gone to user mapping. I'm wondering if a delete trigger would work. For anything in the database? If so does anyone know how to write that trigger?
0 Likes 0 ·

1 Answer

·
Dave_Green avatar image
Dave_Green answered
Hello, I'm not sure what level of explanation you are trying to achieve, but a simple Google query has yielded [these][1] [three][2] [pages][3]. Take a look through and let us know which aspects of the roles you don't understand? [1]: http://www.mssqltips.com/sqlservertip/1900/understanding-sql-server-fixed-database-roles/ [2]: https://www.simple-talk.com/sql/database-administration/sql-server-security-cribsheet/#eighth [3]: http://www.techrepublic.com/article/understanding-roles-in-sql-server-security/
1 comment
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

artistlover avatar image artistlover commented ·
That is perfect. I think i was making it to complicated. Thank you.
0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.