Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
rhofing
Starting Member
15 Posts |
 Posted - 2001-11-21 : 10:19:00
|
| I need a little help understanding something about security: I have created a login (test1), with no server role, database access is Pubs. In Pubs I create a user called test and set the role to db_datareader as I want this user to be able to read data in the Puibs db ONLY.I tested this by connecting with Query Analyzer. I attempted to update the Authors table and it let me do it. I have to also set db_denydatawriter so that this user cannot update Pubs.Also, after I have done this the user is able to update other db's (ie Northwind).Can someone help me understand this? I would have thought that setting db_datareader would only permit reading data in the specified database. I want to be able to create a login/user that can only read data in a specific database. |
|
|
|
|
|
SQL Server 7 Security question...