I have a SQL Server 2005 database where there was a setup like this:
dbo.table1 - this is the base table.
schema1.view1 - created as select * from dbo.table1
Owner of schema1 is user1
A user is created (user2) and granted select on schema1.view1
An error is generated about lacking permissions on demo.dbo.table1
As I understand it the only way to make this work would be to also grant select on table1 to user2 (which bypasses the whole need for the view).
I've over simplified the example but let's say for the sake of argument that table1 is a table that contains all sorts of personally identifiable information for an employee. Things like Social Security Number, home address, date of birth maybe even how much they get paid.
I want to set up a view so that someone else can read their employee id, name and maybe their address. I don't want them to be able to see SSN, DOB etc.
Is there a way around it in the example above or should the views just be created in dbo.
Example code below to show how to set up the example.
CREATE LOGIN [user1] WITH PASSWORD=N'user1', DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
CREATE LOGIN [user2] WITH PASSWORD=N'user2', DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
create user user1 for login user1;
create user user2 for login user2;
create schema schema1 authorization user1;
create table dbo.table1 (col1 int)
create view schema1.view1 as select * from dbo.table1
insert into dbo.table1 values (1);
grant select on schema1.view1 to user2;
Connect as User2
select * from schema1.view1
Msg 229, Level 14, State 5, Line 1
The SELECT permission was denied on the object 'table1', database 'demo', schema 'dbo'.