db_denydatareader vs public access

with public access, the user can generally read something.. with db_denydatareader on a database, are we denying 100% read possibility - is that the reason to add this to an existing user?
LVL 5
25112Asked:
Who is Participating?
 
geek_vjConnect With a Mentor Commented:
I believe you are talking about 'Public' server role.
If yes, then the logins which were assigned to public role will have access to system views (read access) where as members of the db_denydatareader fixed database role cannot read any data in the user tables within a database.

Hope this helps!
0
 
Alexandre SimõesConnect With a Mentor Manager / Technology SpecialistCommented:
Short answer: Yes.

This will always override db_datareader, so a user that, for instance, belongs to 2 groups will see its read access denied if db_denydatareader is in at least one of them.

Try to avoid adding user specific permissions.
Creating groups will make roles management a lot easier.
0
 
25112Author Commented:
thx!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.