I've tried to use the db_denydatawriter role to make sure the default rule is to deny and then added some explicit update/delete privileges to specific tables and the deny is still enforced. I could instead not use db_denydatawriter and set individual table permissions, but I was trying to avoid new tables being added and people forgetting to apply deny write permissions to them. Any ideas?
asked Mar 25, 2010 at 11:08 AM in Default
Deny takes precedence over grant, so instead of denying access to everything, you should only grant access to the stuff that you want them to have access to.
answered Mar 25, 2010 at 11:16 AM
Grant Fritchey ♦♦