Deny insert/delete for all users in SQL Server 2005
-
16-10-2019 - |
Question
In our database we have about 20 users, that is used be some program (and users are added with this program). Now there was new requirement to use 2 database and do not allow delete data from one database.
What would be easiest way to deny insert/delete access for some tables (not all)? All users have db_datareader
, db_datawriter
.
Solution
It would be confusing if you granted someone db_datawriter
and then denied them delete
rights. So if you can, remove them from the db_datawriter
and then grant them the rights they need:
create role role_MyApp
grant select, insert on Table1 to role_MyApp
...
exec sp_adduserrole 'role_MyApp, 'User1'
OTHER TIPS
Deny all modifying operations to public db role or if it is possible - set the DB into read-only mode
or
place tables that shoupd be unmodified onto read-only filegroup
Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange