Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
AskSQLTeam
Ask SQLTeam Question
0 Posts |
 Posted - 2004-01-16 : 08:02:46
|
| Steve writes "Here's my scenario. We have SQL Server 2000 setup on a remote machine. We have developers that need access to database tables for lookups/data changes using Enterprise Manager. I want to limit the developer's Windows NT account to data changes only (similar to the db_datareader and db_datawriter but for *all* databases/tables), including any future databases/tables that are added.I noticed that the "System Administrator" Server Role contains Permissions titled "SELECT permission on any object" and "UPDATE permission on any object". Are there any scripts out there that will allow me to add a custom Server Role that only allows these permissions pertaining to data modification? That way I can just add the NT accounts to this Server Role and it will work globally...Any feedback is appreciated.SteveBTW - There were a few articles regarding Server Roles on your site that did not appear to be working." |
|
|
robvolk
Most Valuable Yak
15732 Posts |
Posted - 2004-01-16 : 08:07:40
|
| You can't create new server roles unfortunately, and you absolutely SHOULD NOT make anyone a system admin unless they truly are a system admin.Add the user(s) to the model database and add them to the proper roles in model. When a new DB is created it will copy the contents of model. |
 |
|
|
|
|
|
Creating a Custom Server Role