Solved

db_denydatareader vs public access

Posted on 2013-10-22
3
523 Views
Last Modified: 2013-11-04
with public access, the user can generally read something.. with db_denydatareader on a database, are we denying 100% read possibility - is that the reason to add this to an existing user?
0
Comment
Question by:25112
3 Comments
 
LVL 30

Assisted Solution

by:Alexandre Simões
Alexandre Simões earned 250 total points
ID: 39593320
Short answer: Yes.

This will always override db_datareader, so a user that, for instance, belongs to 2 groups will see its read access denied if db_denydatareader is in at least one of them.

Try to avoid adding user specific permissions.
Creating groups will make roles management a lot easier.
0
 
LVL 13

Accepted Solution

by:
geek_vj earned 250 total points
ID: 39596439
I believe you are talking about 'Public' server role.
If yes, then the logins which were assigned to public role will have access to system views (read access) where as members of the db_denydatareader fixed database role cannot read any data in the user tables within a database.

Hope this helps!
0
 
LVL 5

Author Comment

by:25112
ID: 39622430
thx!
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Addition to SQL for dynamic fields 6 56
Script to backup a Database Dayli on SQL Server Express 3 22
TSQL Challenge... 7 43
SQL Server Express or Standard? 5 18
There have been several questions about Large Transaction Log Files in SQL Server 2008, and how to get rid of them when disk space has become critical. This article will explain how to disable full recovery and implement simple recovery that carries…
Naughty Me. While I was changing the database name from DB1 to DB_PROD1 (yep it's not real database name ^v^), I changed the database name and notified my application fellows that I did it. They turn on the application, and everything is working. A …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question