Sql server/azure connection string parameter for readonly access?
https://dba.stackexchange.com/questions/255734
-
20-02-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Is there a specific parameter that can be used in a SQL server/azure connection string to specify that the connection should be readonly?
In other words, only SELECT queries should work but INSERT/UPDATE/DELETE and DDL statements should return an error.
I'm aware of the ApplicationIntent=ReadOnly parameter, but my understanding is that its purpose is to connect to read replicas. In my case, the target server might not have any read replica. In this case, would ApplicationIntent=ReadOnly be enough to make the conneciton read only even though it connects to the primary?
Solution
No, there is unfortunately no such connection string parameter. The "ApplicationIntent=ReadOnly" option is just used by the SQL driver to attempt to route your connection to a read only replica.
I'd suggest that, if there are users or processes that should only have read access to this database, you accomplish this using the built-in SQL Server permissions. In other words, only add those users / processes to the db_datareader database role if they are accessing tables and view directly.
If they are accessing data through stored procedures, be careful to only grant them EXECUTE permissions on the read procedures.
