[dba-SQLServer] Inherited Permissions

Billy Pang tuxedo_man at hotmail.com
Fri Nov 4 00:52:07 CST 2005

because teammanager is not part of the staffgrp, teammanager does not have 
staffgrp permissions. with the current setup, anyone who belongs to staffgrp 
would also have permissions of the managergrp as well because that user 
would have the permission staffgrp (because that user is part of the 
staffgrp) and also have the permission of the managergrp as well (because 
the staffgrp is part of (that is, is a user of) the managergrp who has 
permissions "intended for managers only").  you probably want it the other 
way around.


>From: David Emerson <newsgrps at dalyn.co.nz>
>Reply-To: dba-sqlserver at databaseadvisors.com
>To: dba-SQLServer at databaseadvisors.com
>Subject: [dba-SQLServer] Inherited Permissions
>Date: Fri, 04 Nov 2005 17:13:32 +1300
>SQL2000, AXP ade
>I have two roles set up in SQL called ManagerGrp and StaffGrp each
>with permissions for different sets of objects within a database.
>I also have a user called TeamManager who needs access to both sets
>of objects but has no permissions set directly.
>My initial thought was to make StaffGrp a user of ManagerGrp with the
>idea that the permissions from StaffGrp would be inherited by
>ManagerGrp.  Then by making TeamManager a user of ManagerGrp,
>TeamManager would inherit the permisions of both ManagerGrp and
>StaffGrp.  However the permissions of StaffGrp were not inherited by
>TeamManager.  It was not until I made TeamManager a user of both
>Roles that they received permissions from both roles.
>If permissions are not inherited by roles from other roles that are
>set as users, then when would roles be made users of other roles?
>David Emerson
>Dalyn Software Ltd
>999 Moonshine Rd, RD 1
>Judgeford, Porirua  6006
>Phone    (04) 235-6782
>Fax      (04) 235-6783
>Mob      (027) 280-9348
>dba-SQLServer mailing list
>dba-SQLServer at databaseadvisors.com

More information about the dba-SQLServer mailing list