server. I want to set up a standard SQL account but I
only want this account to have READ-ONLY privledges
(select) to tables and views and execute on sp's.
Basically this is a standard account we are setting up
that will be used for reporting and if I give this
account/pw out I only want these people to read data and
not change it.
What is the standard practice to set up this account?
Public access only to selected databases? Specific
select and execute privledges that I have to set up (a
pain though because I have alot of tables and views and I
don't want to pick and choose just give select on all
tables and views and execute on SPs)
Thanks!!
-RichardCheck the permissions on public, you want to restrict these. assign the
account db_datareader role, which gives him permissions to read on all
objects
Regards,
Dandy Weyn
MCSE, MCSA, MCDBA, MCT
www.dandyman.net
"Richard K" <anonymous@.discussions.microsoft.com> wrote in message
news:016f01c3c5a1$b3726110$a501280a@.phx.gbl...
quote:|||You could grant the users in the database db_datareader role.
> Quick question. I have SQL 2000 with 3 databases on the
> server. I want to set up a standard SQL account but I
> only want this account to have READ-ONLY privledges
> (select) to tables and views and execute on sp's.
> Basically this is a standard account we are setting up
> that will be used for reporting and if I give this
> account/pw out I only want these people to read data and
> not change it.
> What is the standard practice to set up this account?
> Public access only to selected databases? Specific
> select and execute privledges that I have to set up (a
> pain though because I have alot of tables and views and I
> don't want to pick and choose just give select on all
> tables and views and execute on SPs)
> Thanks!!
> -Richard
See: Adding a Member to a Predefined Role in Books Online.
Fixed database roles, which can be created, are defined at the database
level and exist in each database. You can add any valid user account (a
Windows NT 4.0 or Windows 2000 user or group, or a SQL Server user or role)
as a member of a fixed database role. Each member gains the permissions
applied to the fixed database role. Any member of a fixed database role can
add other users to the role
db_datareader : Sees all data from all user tables in the database.
Then, you'd still need to grant execute on the stored procs.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
No comments:
Post a Comment