• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 347
  • Last Modified:

database roles and default view permissions

is there documentation of what view permissions (in SSMS) each database role gets by default?

for example, datawriter- what does he get to see in SSMS?

thanks
0
anushahanna
Asked:
anushahanna
  • 2
  • 2
3 Solutions
 
SharathData EngineerCommented:
Run these SPs and see the result.

exec sp_dbfixedrolepermission
exec sp_helpdbfixedrole

Open in new window

0
 
Aaron ShiloCommented:
Fixed database roles are defined at the database level and exist in each database. You cannot add, delete or modify fixed database roles. You can only add users as a member of a fixed database role.

There are nine fixed database roles:


db_owner
db_accessadmin
db_datareader
db_datawriter
db_ddladmin
db_securityadmin
db_backupoperator
db_denydatareader
db_denydatawriter

The members of db_owner database role can perform any activity in the database.

The members of db_accessadmin database role can add or remove Windows NT groups, users or SQL Server users in the database.

The members of db_datareader database role can see any data from all user tables in the database.

The members of db_datawriter database role can add, change, or delete data from all user tables in the database.

The members of db_ddladmin database role can make any data definition language commands in the database.

The members of db_securityadmin database role can manage statement and object permissions in the database.

The members of db_backupoperator database role can back up the database.

The members of db_denydatareader database role can deny permission to select data in the database.

The members of db_denydatawriter database role can deny permission to change data in the database.

Note. To add a security account as a member of an existing SQL Server database role in the current database, you can use the sp_addrolemember system stored procedure.

0
 
anushahannaAuthor Commented:
OK- So would the following be accurate:

db_owner/db_ddladmin  can see all objects in SSMS
db_accessadmin/db_securityadmin  can see logins and users only
db_datareader/db_datawriter/db_denydatareader/db_denydatawriter  will see all user tables
db_backupoperator can see only databases
0
 
Aaron ShiloCommented:
yep that pretty mutch soms it.
0
 
anushahannaAuthor Commented:
thanks!
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now