Monday, March 26, 2012

Lock out 1 user within Enterprise Manager

I have one rogue user who constantly creates, deletes,
and just does things in the system that are not
authorized causing tons of administrative work on my
end. Is there a way to allow this user ONLY to READ
everything from within SQL-EM, vs. writing or creating
anything. All this person does is Crystal reports, so I
might just remove the software altogether. But I'd like
to restrict rights because they'll definitely come tell
me that they couldn't do something due to restriction, at
which point I can bust them. Thanks!Don't give the user sysadmin privileges on the database.
Make this person a member of the datareader role in the database they need
access to and no other role membership other than public and no permissions
explicitly.
Bill
"CPS" <anonymous@.discussions.microsoft.com> wrote in message
news:14e2f01c3fa26$40d04c80$a001280a@.phx
.gbl...
> I have one rogue user who constantly creates, deletes,
> and just does things in the system that are not
> authorized causing tons of administrative work on my
> end. Is there a way to allow this user ONLY to READ
> everything from within SQL-EM, vs. writing or creating
> anything. All this person does is Crystal reports, so I
> might just remove the software altogether. But I'd like
> to restrict rights because they'll definitely come tell
> me that they couldn't do something due to restriction, at
> which point I can bust them. Thanks!|||Thanks!! How do I make sure they don't go into EM and
give themselves the rights back again?
>--Original Message--
>Don't give the user sysadmin privileges on the database.
>Make this person a member of the datareader role in the
database they need
>access to and no other role membership other than public
and no permissions
>explicitly.
>Bill
>"CPS" <anonymous@.discussions.microsoft.com> wrote in
message
> news:14e2f01c3fa26$40d04c80$a001280a@.phx
.gbl...
I
like
at
>
>.
>|||If they don't have sa or dbo rights they wont be able to change permissions.
Andrew J. Kelly SQL MVP
<anonymous@.discussions.microsoft.com> wrote in message
news:1567901c3fa5b$c5789d90$a501280a@.phx
.gbl...
> Thanks!! How do I make sure they don't go into EM and
> give themselves the rights back again?
> database they need
> and no permissions
> message
> I
> like
> atsql
Posted by ornamentalklze at 5:15 AM
Labels: , , , , , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)