Deny insert/delete for all users in SQL Server 2005

dba.stackexchange https://dba.stackexchange.com/questions/12277

  •  16-10-2019
  •  | 
  •  

Question

In our database we have about 20 users, that is used be some program (and users are added with this program). Now there was new requirement to use 2 database and do not allow delete data from one database.

What would be easiest way to deny insert/delete access for some tables (not all)? All users have db_datareader, db_datawriter.

Was it helpful?

Solution

It would be confusing if you granted someone db_datawriter and then denied them delete rights. So if you can, remove them from the db_datawriter and then grant them the rights they need:

create role role_MyApp
grant select, insert on Table1 to role_MyApp
...
exec sp_adduserrole 'role_MyApp, 'User1'

OTHER TIPS

Deny all modifying operations to public db role or if it is possible - set the DB into read-only mode

or

place tables that shoupd be unmodified onto read-only filegroup

Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange
scroll top