Sunday, March 25, 2012

Difference between db_datareader and db_denydatawriter

Hi! I was just wondering that db_datareader and db_denydatawriter roles
look like doing the same function. I have read some threads on this
topic but they are not very clear. Can I have any comments on the
difference? I will be really obliged.
Thanks in advance
Kind regards,db_denydatawriter explicitly remove the ability for an id to modify any user
data within the database without respect to its ability to read. Read
privileges have to be managed elsewhere.
db_datareader on the other hand allows an id to read all user data within
the database without respect to its ability to modify the data. Data
modification privileges are managed elsewhere.
--Brian
(Please reply to the newsgroups only.)
<sajid_yusuf@.yahoo.com> wrote in message
news:1126004382.797483.258770@.g14g2000cwa.googlegroups.com...
> Hi! I was just wondering that db_datareader and db_denydatawriter roles
> look like doing the same function. I have read some threads on this
> topic but they are not very clear. Can I have any comments on the
> difference? I will be really obliged.
> Thanks in advance
> Kind regards,
>|||db_datareader allows reading data
db_denydatawriter explicitly denies updates, deletes.
User permissions are cumulative with deny taking precedence.
Explicitly denying permissions will prevent the user from
gaining permissions based on their membership in a group or
role (other than sysadmin which can't be denied anything) or
other explicit grants.
Some people put users in both roles to ensure that they can
only read data.
-Sue
On 6 Sep 2005 03:59:42 -0700, sajid_yusuf@.yahoo.com wrote:

>Hi! I was just wondering that db_datareader and db_denydatawriter roles
>look like doing the same function. I have read some threads on this
>topic but they are not very clear. Can I have any comments on the
>difference? I will be really obliged.
>Thanks in advance
>Kind regards,

No comments:

Post a Comment