ansaurus

Question

Grant SELECT, UPDATE, INSERT, DELETE to all tables except 1 (or more) in SQL Server 2005

Answer 1

+3 A:

You can explicitly deny permissions which should take precedence. The syntax is

deny delete on dbo.users to username

Martin Smith 2010-08-10 11:08:03

So I can add db_datareader and db_datawriter and then separately exclude the permission on this specific table, and it should be fine?

Dominic Zukiewicz 2010-08-12 14:13:29

Yes. from MSDN `db_datawriter fixed database role can add, delete, or change data in all user tables.` so if you subtract the permissions on that table you should end up with the set you need.

Martin Smith 2010-08-12 15:45:22

Answer 2

A:

You can use a hacky cursor and sp_executeSQL (GRANT can't take a variable tablename)

declare ctable cursor for 
    select Name from sysobjects where type = 'u'

declare @Name sysname
declare @ExecSQL nvarchar(512)

open ctable
fetch next FROM ctable into @Name

while (@@FETCH_STATUS = 0)
    begin
        if (@Name <> 'MyTableToExclude')
        BEGIN
            SET @ExecSQL = 'grant SELECT on ' + @Name + ' to PUBLIC'
            EXEC sp_executesql @ExecSQL

... etc

        END
        fetch next FROM ctable into @Name
    end
close ctable
deallocate ctable

Minor ... note that you can't grant exec on tables ;)

nonnb 2010-08-10 11:32:20

ansaurus

tags:

views:

answers:

Grant SELECT, UPDATE, INSERT, DELETE to all tables except 1 (or more) in SQL Server 2005

related questions