{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 放荡不羁爱自由 的问题《sql server grant, revoke permission to a user》','https://www.manongdao.com/q-1294384.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I wrote a simple c# code that connect to sql-server database and execute a query:
cmd = new SqlCommand(txtQuery.Text.ToString().Trim(), con);
cmd.ExecuteNonQuery();
in my db I have a table named myTB. I have two users too: user1(owner), user2(new user created)
I logged in (connected to DB) with user2's username and password !
I can access the tables that created by user1 with the query bellow:
"select * from user1.myTB"
(I don't know why I get error with this query:"select * from myTB", forget it now!)
Now I wanna REVOKE 'select' permission from user2. I mean I don't want user2 to execute the select query on myTB table which is created by user1.
what should I do is a problem that I'm stuck on it ! I used this query, but nothing changed !
Q1: "Revoke select ON user1.myTB FROM user2"
again user2 can do select * from user1.myTB !!! WHY !?
please help me with this. thanks.
You cannot REVOKE something you did not GRANT. Looks like you want to:
user2has permission to SELECTuser2The permission work like following:
The rules of precedence are that any DENY take precedence over any GRANT or inherited privilege. One can get access through a number of GRANTs but one single DENY will revoke the privilege. You cannot GRANT/REVOKE/DENY permissions to the securable owner (members of
db_ownerown everything and members ofsysadminown everything on the entire server).Thanks friends, I've solved it and use DENY instead of REVOKE :
DENY select ON user1.myTB TO user2
user2 is probably getting it's permissions from a role membership.
Run:
find the user in the first column, and then look at the second column. Is the user a member of
db_datareaderordb_owner?If so, you can revoke membership, say for db_datareader, by doing: