Solved

db_denydatareader vs public access

Posted on 2013-10-22
3
533 Views
Last Modified: 2013-11-04
with public access, the user can generally read something.. with db_denydatareader on a database, are we denying 100% read possibility - is that the reason to add this to an existing user?
0
Comment
Question by:25112
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 30

Assisted Solution

by:Alexandre Simões
Alexandre Simões earned 250 total points
ID: 39593320
Short answer: Yes.

This will always override db_datareader, so a user that, for instance, belongs to 2 groups will see its read access denied if db_denydatareader is in at least one of them.

Try to avoid adding user specific permissions.
Creating groups will make roles management a lot easier.
0
 
LVL 13

Accepted Solution

by:
geek_vj earned 250 total points
ID: 39596439
I believe you are talking about 'Public' server role.
If yes, then the logins which were assigned to public role will have access to system views (read access) where as members of the db_denydatareader fixed database role cannot read any data in the user tables within a database.

Hope this helps!
0
 
LVL 5

Author Comment

by:25112
ID: 39622430
thx!
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After restoring a Microsoft SQL Server database (.bak) from backup or attaching .mdf file, you may run into "Error '15023' User or role already exists in the current database" when you use the "User Mapping" SQL Management Studio functionality to al…
How to leverage one TLS certificate to encrypt Microsoft SQL traffic and Remote Desktop Services, versus creating multiple tickets for the same server.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question