SQl server DB permission questions
I want to know, if I assign a person with dbreader, dbwriter and ddladmin permissions, I just need to check ddladmin box, this permision should dbreader and dbwriter. So, I don't need to check dbreader and dbwriter boxes, only need to check ddladmin. Is this correct? Further more, if choose dbowner, that should include dbreader, dbwriter and ddladmin permissions, correct?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
DDL are data definition operations. Reading and Writing to a database are data access and manipulation operations (i.e. DML operations) and hence do not overlap with DDL permissions, i.e. they are mutually exclusive.
Defining ddladmin will NOT grant dbreader and dbwriter automatically. You will need to grant all 3 permissions separately.
As far as the db_owner is concerned, granting db_owner gives full control of the database. It's a powerful role - use it with care.
Defining ddladmin will NOT grant dbreader and dbwriter automatically. You will need to grant all 3 permissions separately.
As far as the db_owner is concerned, granting db_owner gives full control of the database. It's a powerful role - use it with care.
You can instead just grant the create, alter, drop for the various objects and then add the db_datareader and db_datawriter roles.
If you doing this for the multiple users then create a new role and grant the permissions to the role and assign the user to the role.
db_owner - Members of the db_owner fixed database role can perform all configuration and maintenance activities on the database, and can also drop the database in SQL Server. (In SQL Database and SQL Data Warehouse, some maintenance activities require server-level permissions and cannot be performed by db_owners.)
If you still have question on this, please use below URL. it will help.
https://msdn.microsoft.com/en-IN/library/ms189121.aspx
Enjoy ! please let me know in case of nay questions.