How can I grant read-only access to my SQL Server 2008 database?

sql-server sql-server-2008 permissions
10,928

Solution 1

I usually do something along these lines:

USE [test]
GO
CREATE USER [ReadOnlyUser] FOR LOGIN [LOCALNT\ReadOnlyNTUser]
GO
EXEC sp_addrolemember N'db_datareader', N'ReadOnlyUser'

Solution 2

The first step is to create a user with only db_datareader permissions.

But don't stop there. If this is a login for an actual person that can run any SELECT query they want, they can still cause a lot of problems for a database. This common issue here isn't even a malicious user — just someone who is ignorant about your indexing, performance tuning, and efficient query writing. It's very easy to create a denial of service situation on an sql box this way.

I only know how to do this on a per-query basis, but here at least I know a couple options:

  1. Limit records returned via SET ROWCOUNT.
  2. Use SET QUERY_GOVERNOR_COST_LIMIT. (Note that tuning this can be tricky).

To force a user to include these in their queries, in the past I've used a stored procedure that first executed the appropriate SETs before running the supplied query (in the context of the correct read-only user).

Share:
10,928

Related videos on Youtube

Adrian Grigore
Author by

Adrian Grigore

Please visit my development blog at http://devermind.com if you'd like to learn more about me.

Updated on September 17, 2022

Comments

  • Adrian Grigore
    Adrian Grigore over 1 year

    I'm trying to grant read-only access (in other words: select queries only) to a user account on my SQL Server 2008 R2 database. Which rights do I have to grant to the user to make this work?

    I've tried several kinds of combinations of permissions on the server and the database itself, but in all cases the user could still run update queries or he could not run any queries (not even select) at all. The error message I always got was

    The server principal "foo" is not able to access the database "bar" under the current security context.

    Thanks for your help,

    Adrian

  • Adrian Grigore
    Adrian Grigore over 13 years
    I understand, but what do you propose as a workaround? Can I somehow restrict the user's resource usage?
  • Joel Coel
    Joel Coel over 13 years
    @Adrian Updated my answer.
  • Ryan Ferretti
    Ryan Ferretti over 13 years
    If you want to use resource governor, just use resource governor. Don't hack the users query to stuff these settings in.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to enable a SQL Server 2008 login to access a directory on another server
The database myDb is not accessible. (ObjectExplorer)
SQL Server 2012 with account NT Service\MSSQLSERVER access is denied in domain
What can user do with VIEW SERVER STATE permissions?
SQL Server: Cannot grant, deny, or revoke permissions to sa, dbo, entity owner, information_schema, sys, or yourself
GRANT EXECUTE to all stored procedures
Access denied for enabled xp_cmdshell for the admin user
Permissions Issue running SSIS package from Sql Job
How do I create a passthrough query in access using a DSN-less connection?
SqlServer and nvarchar(max)