Create Read-Only Database User in SQL Server

Create Read-Only Database User in SQL Server

Category: Databases
Hits: 82469
The following describes how to setup a database user with read-only access to the AdventureWorks database.

Using SQL Server Management Studio 2008:
  1. Connect to your database server.
  2. Expand Security > Logins.
  3. Right-click on the user who will be set as having read-only access (in this example "adventureworksro").
  4. Select Properties.
  5. Select User Mapping.
  6. Map the login to the database they will have access to.
  7. Tick the boxes for role membership next to public and db_datareader.
  8. Confirm by clicking OK.
You should get something like the following:
Login Properties - Adventureworksro


Database-level role names

from http://msdn.microsoft.com/en-us/library/ms189121(SQL.100).aspx

db_accessadmin

Members of the db_accessadmin fixed database role can add or remove access to the database for Windows logins, Windows groups, and SQL Server logins.

db_backupoperator

Members of the db_backupoperator fixed database role can back up the database.

db_datareader

Members of the db_datareader fixed database role can read all data from all user tables.

db_datawriter

Members of the db_datawriter fixed database role can add, delete, or change data in all user tables.

db_ddladmin

Members of the db_ddladmin fixed database role can run any Data Definition Language (DDL) command in a database.

db_denydatareader

Members of the db_denydatareader fixed database role cannot read any data in the user tables within a database.

db_denydatawriter

Members of the db_denydatawriter fixed database role cannot add, modify, or delete any data in the user tables within a database.

db_owner

Members of the db_owner fixed database role can perform all configuration and maintenance activities on the database, and can also drop the database.

db_securityadmin

Members of the db_securityadmin fixed database role can modify role membership and manage permissions. Adding principals to this role could enable unintended privilege escalation.


In theory, a user who can do nearly everything but modify access and security permissions:
Database Role Membership - All but Security
Category: Databases :: Article: 306

Comments

Not rated
Mike Kurn
0
Mike Kurn
10 years ago
Thank you very much for the information. As a JR.DBA I need all the help I can get!
Like Like
Reply | Reply with quote | Quote
Martin Kornet
0
Martin Kornet
10 years ago
Thnx voor the explanation great!
Like Like
Reply | Reply with quote | Quote
fely
1
fely
11 years ago
I created a new login and a new user and I mapped a database in SQL Server 2012. In the login properties in Securables, we selected permissions "deny" for "View any database" for the user to see only the specified database.

The problem is that the user does not see any database.

If I select "Grant" to "View any database", user can see all databases. How can I make the user can see only the specified database?
Like Like
Reply | Reply with quote | Quote
View replies
WebmasterLegacy
1
WebmasterLegacy
11 years ago
Hi Fely,

I'm so jealous as we're still on SQL Server 2008 R2. I'm also not 100% sure if the problem happens in v2012 for security reasons. I figure you add users to individual databases and not to the overall database server. The creating user will more than often have db_owner privileges. I can only suggest checking the other databases that this user is not allowed to access and set the db_denydatareader for them...
Like Like
Reply | Reply with quote | Quote
Coverskin
0
Coverskin
11 years ago
Thank you very much for posting and sharing this great article. It is so interesting. I want to know some other information about this site. So please give me this news quickly. I always will be aware of you.
Like Like
Reply | Reply with quote | Quote
krishna leo
0
krishna leo
12 years ago
:D wow it works grat
Like Like
Reply | Reply with quote | Quote
Hadoop map
0
Hadoop map
13 years ago
Excellent post.. Keep it up.
Like Like
Reply | Reply with quote | Quote
Ecommerce Designer
0
Ecommerce Designer
13 years ago
That’s such a great post!
Like Like
Reply | Reply with quote | Quote
Ramu
2
Ramu
13 years ago
Excellent i got more points..
Like Like
Reply | Reply with quote | Quote

Add comment

Your rating:

Submit

Credit where Credit is Due:


Feel free to copy, redistribute and share this information. All that we ask is that you attribute credit and possibly even a link back to this website as it really helps in our search engine rankings.

Disclaimer: Please note that the information provided on this website is intended for informational purposes only and does not represent a warranty. The opinions expressed are those of the author only. We recommend testing any solutions in a development environment before implementing them in production. The articles are based on our good faith efforts and were current at the time of writing, reflecting our practical experience in a commercial setting.

Thank you for visiting and, as always, we hope this website was of some use to you!

Kind Regards,

Joel Lipman
www.joellipman.com

Latest Articles

Accreditation

Badge - Certified Zoho Creator Associate
Badge - Certified Zoho Creator Associate

Donate & Support

If you like my content, and would like to support this sharing site, feel free to donate using a method below:

Paypal:
Donate to Joel Lipman via PayPal

Bitcoin:
Donate to Joel Lipman with Bitcoin bc1qf6elrdxc968h0k673l2djc9wrpazhqtxw8qqp4

Ethereum:
Donate to Joel Lipman with Ethereum 0xb038962F3809b425D661EF5D22294Cf45E02FebF

Joes Word Cloud

Please publish modules in offcanvas position.