Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
sqldba20
Posting Yak Master
183 Posts |
 Posted - 2010-08-24 : 14:34:58
|
| How to restrict 'truncate table' in a database from a user?Thanks ! |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2010-08-24 : 14:38:25
|
From BOL:quote:
The minimum permission required is ALTER on table_name. TRUNCATE TABLE permissions default to the table owner, members of the sysadmin fixed server role, and the db_owner and db_ddladmin fixed database roles, and are not transferable. However, you can incorporate the TRUNCATE TABLE statement within a module, such as a stored procedure, and grant appropriate permissions to the module using the EXECUTE AS clause.
So to remove that permission, you'll need to deny ALTER, remove sysadmin, db_owner or db_ddladmin. In essence, give the user only the permissions it needs.Tara KizerMicrosoft MVP for Windows Server System - SQL Serverhttp://weblogs.sqlteam.com/tarad/Subscribe to my blog |
 |
|
|
sqldba20
Posting Yak Master
183 Posts |
Posted - 2010-08-24 : 15:47:14
|
Cannot even restrict truncate table by using DDL Database Trigger, right?Thanks !quote:
Originally posted by tkizer
From BOL:quote:
The minimum permission required is ALTER on table_name. TRUNCATE TABLE permissions default to the table owner, members of the sysadmin fixed server role, and the db_owner and db_ddladmin fixed database roles, and are not transferable. However, you can incorporate the TRUNCATE TABLE statement within a module, such as a stored procedure, and grant appropriate permissions to the module using the EXECUTE AS clause.
So to remove that permission, you'll need to deny ALTER, remove sysadmin, db_owner or db_ddladmin. In essence, give the user only the permissions it needs.Tara KizerMicrosoft MVP for Windows Server System - SQL Serverhttp://weblogs.sqlteam.com/tarad/Subscribe to my blog
|
|
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
|
|
russell
Pyro-ma-ni-yak
5072 Posts |
Posted - 2010-08-24 : 16:15:46
|
can't. go with Tara's first suggestion.from BOLquote:
TRUNCATE TABLE cannot activate a trigger because the operation does not log individual row deletions
further, it doesn't fire an ALTER event of any type, so a database or DDL trigger won't work either.best not to give em those permissions in the first place |
|
|
|
|
|
|
|
|
Restrict Truncate table?