Home > Archive > MS SQL Server security > September 2005 > Difference between db_datareader and db_denydatawriter









You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

 

Author Difference between db_datareader and db_denydatawriter
sajid_yusuf@yahoo.com

2005-09-06, 7:23 am

Hi! I was just wondering that db_datareader and db_denydatawriter roles
look like doing the same function. I have read some threads on this
topic but they are not very clear. Can I have any comments on the
difference? I will be really obliged.

Thanks in advance

Kind regards,

Brian Lawton

2005-09-06, 7:23 am

db_denydatawriter explicitly remove the ability for an id to modify any user
data within the database without respect to its ability to read. Read
privileges have to be managed elsewhere.

db_datareader on the other hand allows an id to read all user data within
the database without respect to its ability to modify the data. Data
modification privileges are managed elsewhere.

--
--Brian
(Please reply to the newsgroups only.)


<sajid_yusuf@yahoo.com> wrote in message
news:1126004382.797483.258770@g14g2000cwa.googlegroups.com...
> Hi! I was just wondering that db_datareader and db_denydatawriter roles
> look like doing the same function. I have read some threads on this
> topic but they are not very clear. Can I have any comments on the
> difference? I will be really obliged.
>
> Thanks in advance
>
> Kind regards,
>


Sue Hoegemeier

2005-09-06, 7:23 am

db_datareader allows reading data
db_denydatawriter explicitly denies updates, deletes.
User permissions are cumulative with deny taking precedence.
Explicitly denying permissions will prevent the user from
gaining permissions based on their membership in a group or
role (other than sysadmin which can't be denied anything) or
other explicit grants.
Some people put users in both roles to ensure that they can
only read data.

-Sue

On 6 Sep 2005 03:59:42 -0700, sajid_yusuf@yahoo.com wrote:

>Hi! I was just wondering that db_datareader and db_denydatawriter roles
>look like doing the same function. I have read some threads on this
>topic but they are not very clear. Can I have any comments on the
>difference? I will be really obliged.
>
>Thanks in advance
>
>Kind regards,

Sponsored Links





Also available: Server administration forum archive | Web Design forum archive | Software forum archive | Hardware reviews archive | Programming forum archive

Copyright 2008 droptable.com