Solved

How to Determine Database Access

Posted on 2014-03-19
3
216 Views
Last Modified: 2014-03-20
I understand that for a SQL Login to have access to a particular database, one of the following things has to occur:

1.Explicit access is granted.
2.The login is a member of the sysadmin fixed server role.
3.The login has CONTROL SERVER permissions (SQL Server 2005/2008 only).
4.The login is the owner of the database.
5.The guest user is enabled on the database.

However, I'd like to know what other conditions have to be true for a user to have access to a database. For example, ownership, etc.

Thanks!

--------------------------------------------------------------------------------
0
Comment
Question by:VicBel
3 Comments
 
LVL 40

Accepted Solution

by:
lcohan earned 500 total points
ID: 39940686
I suggest you use the following:

The SQL Login belongs to a "SQL Database Role" having specific rights to all objects in that database. This assuming that login is not used for Development.


http://technet.microsoft.com/en-us/library/dd283095(v=sql.100).aspx

http://blogs.msdn.com/b/sqlsecurity/archive/2011/08/25/database-engine-permission-basics.aspx
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39940915
@Icohan's second link describes what I've done.  I create a login using SQL Server auth and then give that login specific permissions on the database I want them to use making them a 'database user' as described in the article.  No ownership, no roles, nothing more.  You can then use that 'username' and 'password' in a connection string which will give them access to the database and the functions that you have given them permissions to use.
0
 
LVL 8

Expert Comment

by:Andrei Fomitchev
ID: 39941610
Access could be different: read only, drop table, create procedure, view object definition.

There is a couple USER - LOGIN with the same SID. Very often USER NAME and LOGIN NAME are the same.

LOGIN defines connection to the MS SQL Server Instance.
USER defines - what access to the database LOGIN has.

One LOGIN has a USER for every database where access is needed.
USE database
CREATE user FOR LOGIN login.

What LOGIN can do with a database defined by GRANT  access rights to the USER. It could be different in different databases.

There are predefined roles as you mentioned: db_datareader, db_datawriter, db_owner, db_dlladmin etc.
You can create your own role and GRANT to it something like GRANT EXECUTE ON proc_name TO role (or to user). Then you can add the user to the role.

A role is the set of GRANTs. You can GRANT right TO user without role.
--------
So, in SSMS go to Security and create NEW LOGIN
Right click on LOGIN - choose Properties
Set default database, language
Skip server role
Tab "Mapping"
Click on database to which you need the access
Fill User (default = login name), default schema (usually dbo)
Bottom table defines access you needed - choose as many roles as required
Click OK - it will create the user

Expand database --> Security --> Users
Right click on the user --> Properties
Fill parameters / choose options ----- You will see here many access options for the user for this database.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SQL query for highest sequence 4 59
SQL Rewrite without the NULLIF 4 25
Star schema daily updates 2 33
Converting Stored Procedure to SQL Statement 5 36
Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
The Delta outage: 650 cancelled flights, more than 1200 delayed flights, thousands of frustrated customers, tens of millions of dollars in damages – plus untold reputational damage to one of the world’s most trusted airlines. All due to a catastroph…
Via a live example, show how to setup several different housekeeping processes for a SQL Server.
Viewers will learn how to use the SELECT statement in SQL and will be exposed to the many uses the SELECT statement has.

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question