Post reply

Another question about security

  • September 20, 2007 at 5:54 am

    #95343

    Hi all,

    Can anyone explain me this

    a) on database I create view like this:

    create view dbo.v_test

    as

    select * from TableA

    b) then I create a sql user named “Test” with public role to that DB and only this permission:

    grant select on v_test to test

    deny select on TableA to test

    after that, when I log on with that user, I can’t "select * from TableA", but I CAN "select * from v_test" even I DENY select on that object!

    I thought that deny override every grant?

  • September 20, 2007 at 7:08 am

    #734909

    The behaviour you're seeing is perfectly normal and intended. The DENY overruling andy over grants only applies to grants on the same object.

    For example if your testuser is also memebr of a group or role which has been granted select permission on the table. When all memebrs of that role can select from the table , except testuser.

    Markus

    [font="Verdana"]Markus Bohse[/font]

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply