Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
dolphin123
Yak Posting Veteran
84 Posts |
 Posted - 2013-08-15 : 09:43:54
|
| Hello,Version: SQL server 2008I created a Windows SQL server account, not a SQL account (i.e. added an account that is on AD. Added "public" and "db_owner" permission to a database.when that user runs a simple "delete" command, he gets "delete permission denied" error. When I give him "server role" sys admin, he is able to run this command. I really thought db_owner permission should give him to run any scripts except for some hardcore permission changed on that database.Am I wrong? Or is something wrong with this user.I even tried deleting his accounts from the database (Database - users) and re adding him but it doesn't work.- D |
|
|
Hommer
Aged Yak Warrior
808 Posts |
Posted - 2013-08-15 : 11:41:56
|
| Have you mapped or added that user to the db_owner database role? |
 |
|
|
jeffw8713
Aged Yak Warrior
819 Posts |
Posted - 2013-08-19 : 14:35:41
|
| Is that user a part of an AD security group - where that security group has explicitly been denied delete access to the tables? |
|
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
|
|
Bustaz Kool
Master Smack Fu Yak Hacker
1834 Posts |
Posted - 2013-08-19 : 18:18:15
|
| Is there a trigger on the table?=================================================The cure for anything is salt water -- sweat, tears, or the sea. -Isak Dinesen |
|
|
|
dolphin123
Yak Posting Veteran
84 Posts |
Posted - 2014-06-25 : 12:11:32
|
This is unbelievable.Here is the summary===================There user belongs to 7 AD user groups that has an account on this SQL server instance.Only one of them has access to the Database in question. (When I select Security - Logins - User Mapping). And this group has db_owner permission on the database (If I see in Usermapping for the database; Server role is public).On the the database, i did this:select * from sys.database_permissionswhere grantee_principal_id in (USER_ID('domainname\Group'))it returns this:http://screencast.com/t/alTPJbmZPXArSo, i guess this is ok. or should it say "Delete" under "permissions" column there?So confused with this issue. |
|
|
|
rajbtm05
Starting Member
3 Posts |
Posted - 2014-07-09 : 03:51:40
|
| It so happens with few database objects that user with db_owner role is not able to perform the required operations. For a workaround, you can exclusively grant delete privileges on the objects required using GRANT DELETE. If you want to review further on the cause, look for the login 'dbo' is mapped to and reset owner to 'sa'. |
|
|
|
|
|
|
|
|
Delete permission Denied