I'm trying to find the answer on question about "Object permissions" &
"Statement permissions".
I read some books and received the discrepant (contradictory) information.
Can you help me to find the truth?what is the question then?
sql server version would be useful as well. and the description of your
problem/case, for example.
--
Thanks, Liliya
"RedFox" wrote:
> I'm trying to find the answer on question about "Object permissions" &
> "Statement permissions".
> I read some books and received the discrepant (contradictory) information.
> Can you help me to find the truth?|||The truth about what exactly? Can you be more specific?
--
Andrew J. Kelly SQL MVP
Solid Quality Mentors
"RedFox" <redfox_net@.ukr.net> wrote in message
news:BA9F61A6-95AF-4267-AA2F-37EF3669F4A2@.microsoft.com...
> I'm trying to find the answer on question about "Object permissions" &
> "Statement permissions".
> I read some books and received the discrepant (contradictory) information.
> Can you help me to find the truth?|||RedFox
Object permissions means ( as I understand it) that you do not have any
access on. For instance you table called "Product" and cannot
INSERT/DELETE/UPDATE/SELECT/EXECUTE ,nothing
Statement permissions is a little bit difference as you may have SELECT
statement permission to read the data, however , you cannot modify any data
(UPDATE permission)
"RedFox" <redfox_net@.ukr.net> wrote in message
news:BA9F61A6-95AF-4267-AA2F-37EF3669F4A2@.microsoft.com...
> I'm trying to find the answer on question about "Object permissions" &
> "Statement permissions".
> I read some books and received the discrepant (contradictory) information.
> Can you help me to find the truth?|||your question is...? ask one :)
--
Thanks, Liliya
"Uri Dimant" wrote:
> RedFox
> Object permissions means ( as I understand it) that you do not have any
> access on. For instance you table called "Product" and cannot
> INSERT/DELETE/UPDATE/SELECT/EXECUTE ,nothing
> Statement permissions is a little bit difference as you may have SELECT
> statement permission to read the data, however , you cannot modify any data
> (UPDATE permission)
>
>
> "RedFox" <redfox_net@.ukr.net> wrote in message
> news:BA9F61A6-95AF-4267-AA2F-37EF3669F4A2@.microsoft.com...
> > I'm trying to find the answer on question about "Object permissions" &
> > "Statement permissions".
> > I read some books and received the discrepant (contradictory) information.
> > Can you help me to find the truth?
>
>|||Dear All.
Excuse me for a shot message. Additional:
- Book "Microsoftâ?¢ SQL Server 2005 Implementation and Maintenance
Study Guide (Exam 70â'431)" by Joseph L. Jorden Dandy Weyn
In this book I found the descriptions:
- "Statement permissions have nothing to do with the actual data; they allow
users to create the structure that holds the data."
- "Once the structure exists to hold the data, you need to give users
permission to start working with the data in the databases, which is
accomplished by granting object permissions to your users."
Is these terms correct for SQL 2005 in this context?
"Uri Dimant" wrote:
> RedFox
> Object permissions means ( as I understand it) that you do not have any
> access on. For instance you table called "Product" and cannot
> INSERT/DELETE/UPDATE/SELECT/EXECUTE ,nothing
> Statement permissions is a little bit difference as you may have SELECT
> statement permission to read the data, however , you cannot modify any data
> (UPDATE permission)
>
>
> "RedFox" <redfox_net@.ukr.net> wrote in message
> news:BA9F61A6-95AF-4267-AA2F-37EF3669F4A2@.microsoft.com...
> > I'm trying to find the answer on question about "Object permissions" &
> > "Statement permissions".
> > I read some books and received the discrepant (contradictory) information.
> > Can you help me to find the truth?
>
>|||This is more about terminology than about technicalities. In earlier versions of SQL Server, use
used to table about "object permissions", for example:
GRANT SELECT ON Customers TO RedFox
We also talked about "statement permissions", such as:
GRANT CREATE TABLE TO RedFox
GRANT BACKUP DATABASE TO RedFox
With SQL Server 2005, MS tries to align terminology with what we have in Windows (and AD etc). So,
we talk about principals (user, login, role) and securables (table, procedure, view etc). A
securable lives in some specific scope (a table lives in a schema, an assembly lives in a database,
an endpoiint lives in a server). So, we have now for instance "Database level permissions", such as:
GRANT CREATE TABLE TO RedFox
Above doesn't apply to some securable, and is what we used to call "statement permission".
We also have, for instance "Database Level Securable Permissions", such as
GRANT EXECUTE ON ASEMBLY::myAssembly TO RedFox
We also have for instance "Schema Level Securable Permissions", such as:
GRANT SELECT ON Customers TO RedFox
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://sqlblog.com/blogs/tibor_karaszi
"RedFox" <redfox_net@.ukr.net> wrote in message
news:1E0081B4-B193-48E0-8F13-57E866F9A736@.microsoft.com...
> Dear All.
> Excuse me for a shot message. Additional:
> - Book "Microsoftâ?¢ SQL Server 2005 Implementation and Maintenance
> Study Guide (Exam 70â'431)" by Joseph L. Jorden Dandy Weyn
> In this book I found the descriptions:
> - "Statement permissions have nothing to do with the actual data; they allow
> users to create the structure that holds the data."
> - "Once the structure exists to hold the data, you need to give users
> permission to start working with the data in the databases, which is
> accomplished by granting object permissions to your users."
> Is these terms correct for SQL 2005 in this context?
> "Uri Dimant" wrote:
>> RedFox
>> Object permissions means ( as I understand it) that you do not have any
>> access on. For instance you table called "Product" and cannot
>> INSERT/DELETE/UPDATE/SELECT/EXECUTE ,nothing
>> Statement permissions is a little bit difference as you may have SELECT
>> statement permission to read the data, however , you cannot modify any data
>> (UPDATE permission)
>>
>>
>> "RedFox" <redfox_net@.ukr.net> wrote in message
>> news:BA9F61A6-95AF-4267-AA2F-37EF3669F4A2@.microsoft.com...
>> > I'm trying to find the answer on question about "Object permissions" &
>> > "Statement permissions".
>> > I read some books and received the discrepant (contradictory) information.
>> > Can you help me to find the truth?
>>|||"RedFox" wrote:
> Dear All.
> Excuse me for a shot message. Additional:
> - Book "Microsoftâ?¢ SQL Server 2005 Implementation and Maintenance
> Study Guide (Exam 70â'431)" by Joseph L. Jorden Dandy Weyn
> In this book I found the descriptions:
> - "Statement permissions have nothing to do with the actual data; they allow
> users to create the structure that holds the data."
not really correct without the context. for example this particular
statement in the context as is is not applicable at all to statement
permissions
select, delete, update, insert, because they are not ddl
> - "Once the structure exists to hold the data, you need to give users
> permission to start working with the data in the databases, which is
> accomplished by granting object permissions to your users."
that is not correct in the context given also, because create database
statement permission for example can not deal with any data yet, they just do
not exist, if other 'create' statement permissions have anything to do with
the data is outside of the context of the quotation above as well, they are
for ddl after all.
> Is these terms correct for SQL 2005 in this context?
I would not say the statements are correct as given, however in its own
context of the book they may be.
If you want to find your what permissions the user has, then that is
sp_helprotect or permission function
ms-help://MS.SQLCC.v9/MS.SQLSVR.v9.en/tsqlref9/html/81625a56-b160-4424-91c5-1ce8b259a8e6.htm
or
http://msdn2.microsoft.com/en-us/library/ms186915.aspx
can find your own permissions as well fn_my_permissions.
statement permission can be granted, revoked, denied and audited. Can a user
XYZ do action ABC on the object Q123 is defined by the chain of ownership
(what rights are granted, denied, revoked through what and on what).
--
Thanks, Liliya
> "Uri Dimant" wrote:
> > RedFox
> > Object permissions means ( as I understand it) that you do not have any
> > access on. For instance you table called "Product" and cannot
> > INSERT/DELETE/UPDATE/SELECT/EXECUTE ,nothing
> > Statement permissions is a little bit difference as you may have SELECT
> > statement permission to read the data, however , you cannot modify any data
> > (UPDATE permission)
> >
> >
> >
> >
> > "RedFox" <redfox_net@.ukr.net> wrote in message
> > news:BA9F61A6-95AF-4267-AA2F-37EF3669F4A2@.microsoft.com...
> > > I'm trying to find the answer on question about "Object permissions" &
> > > "Statement permissions".
> > > I read some books and received the discrepant (contradictory) information.
> > > Can you help me to find the truth?
> >
> >
> >
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment