Results 1 to 3 of 3
  1. #1
    Join Date
    Mar 2004

    Unanswered: Security question

    I have a Windows Group called 'Domain Users' that accesses my database. I need to restrict access to a specific table for all but 4 of those users. I clicked on the table and denied 'SELECT' in the permissions dialog for Domain Users. This worked fine but I haven't been able to get the 4 members that I want to have permission......well, permission. I tried created separate logins (windows user) for them and grant permission to the table but that didn't work. I also tried to create a separate role and add them to it but that didn't work either.

    I suppose that I could create a separate login for each user but that seems like a lot of work.

    Before I do that does anyone have any suggestions?

  2. #2
    Join Date
    Apr 2004
    Kansas City, MO
    Couple things here:

    1. Don't have "Domain Users" in your SQL Server. That's EVERY user in the domain.
    2. If you DENY at any level, an other level that touches the object is denied regardless of what permissions you give.
    When life gives you a lemon, fire the DBA.

  3. #3
    Join Date
    Jul 2003
    San Antonio, TX
    Create a new Windows Security Group - "AllBut4", and add this group to db_datareader db role of your database. Remove "Domain Users" from your SQL Server.
    "The data in a record depends on the Key to the record, the Whole Key, and
    nothing but the Key, so help me Codd."

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts