I have a user that belongs to a role. This role only has select permissions
on 10 views. When I log in as this user via Management Studio I cannot see
the views however I can execute queries against them.
On another server that I did not setup, that I'm supposed to be mimicking
the same security, this same user can see the views.
Any ideas what the difference is?
Thanks!Here's the commands that I'm executing in order:
CREATE ROLE [Customers_ROLE] Authorization dbo
CREATE SCHEMA [Customers_Schema] AUTHORIZATION [Customers_Role] Deny
View
Definition to [Customers_Role]
exec sp_adduser 'phenson', 'phenson', [Customers_Role]
GRANT SELECT ON [dbo].[PT_VIEW] TO [Customers_Role]
When I log in as phenson I do not see PT_View but I can query on it. I need
to be able to see it.
"SpankyATL" wrote:
> I have a user that belongs to a role. This role only has select permissio
ns
> on 10 views. When I log in as this user via Management Studio I cannot se
e
> the views however I can execute queries against them.
> On another server that I did not setup, that I'm supposed to be mimicking
> the same security, this same user can see the views.
> Any ideas what the difference is?
> Thanks!|||I thought I'd answer my own question for those of you who come across this
some day. I need to remove the "Deny View Definition" portion and that took
care of it. The user was able to see that view and execute it but could not
see the script.
"SpankyATL" wrote:
[vbcol=seagreen]
> Here's the commands that I'm executing in order:
> CREATE ROLE [Customers_ROLE] Authorization dbo
> CREATE SCHEMA [Customers_Schema] AUTHORIZATION [Customers_Role] De
ny View
> Definition to [Customers_Role]
> exec sp_adduser 'phenson', 'phenson', [Customers_Role]
> GRANT SELECT ON [dbo].[PT_VIEW] TO [Customers_Role]
>
> When I log in as phenson I do not see PT_View but I can query on it. I ne
ed
> to be able to see it.
> "SpankyATL" wrote:
>|||SpankyATL (SpankyATL@.discussions.microsoft.com) writes:
> Here's the commands that I'm executing in order:
> CREATE ROLE [Customers_ROLE] Authorization dbo
> CREATE SCHEMA [Customers_Schema] AUTHORIZATION [Customers_Role] De
ny View
> Definition to [Customers_Role]
> exec sp_adduser 'phenson', 'phenson', [Customers_Role]
> GRANT SELECT ON [dbo].[PT_VIEW] TO [Customers_Role]
>
> When I log in as phenson I do not see PT_View but I can query on it. I
> need to be able to see it.
Why then did you do DENY VIEW DEFINITION to a role that you made phenson a
member of?
Erland Sommarskog, SQL Server MVP, esquel@.sommarskog.se
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/pr...oads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodin...ions/books.mspx|||I was working from a script that was given to me. The person who developed
it mistakenly thought deny view would only deny the user from viewing the
source code.
"Erland Sommarskog" wrote:
> SpankyATL (SpankyATL@.discussions.microsoft.com) writes:
> Why then did you do DENY VIEW DEFINITION to a role that you made phenson a
> member of?
>
> --
> Erland Sommarskog, SQL Server MVP, esquel@.sommarskog.se
> Books Online for SQL Server 2005 at
> http://www.microsoft.com/technet/pr...oads/books.mspx
> Books Online for SQL Server 2000 at
> http://www.microsoft.com/sql/prodin...ions/books.mspx
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment