dbTalk Databases Forums  

SSMS 2008: Object Explorer Details

Go Back dbTalk Databases Forums Databases microsoft.public.sqlserver.tools SSMS 2008: Object Explorer Details

microsoft.public.sqlserver.tools microsoft.public.sqlserver.tools


Discuss SSMS 2008: Object Explorer Details in the microsoft.public.sqlserver.tools forum.



Reply
Page 1 of 5 1 2 3 4 5 >
 
Thread Tools Display Modes
  #1  
Old   
Toni
 
Posts: n/a

Default SSMS 2008: Object Explorer Details - 12-18-2008 , 07:59 AM





I'm using SQL Server 2008 SSMS against a SQL 2008 database and have a
question about permissions.

As a test, I gave a sql authenticated id Select permissions to two of
the tables. Since that id has access to the tables, shouldn't I be able
to see them when I open SSMS 2008 connected as the test user, expand the
database and then expand Tables?

I can open a New Query window and query the tables and get data returned
without error.

I don't need to be able to see all the objects -- just what I have
access to. Is that possible?

thank you,

Toni

*** Sent via Developersdex http://www.developersdex.com ***

Reply With Quote
  #2  
Old   
Erland Sommarskog
 
Posts: n/a

Default Re: SSMS 2008: Object Explorer Details - 12-18-2008 , 04:56 PM





Toni (teibner@allinadotcom) writes:
Quote:
I'm using SQL Server 2008 SSMS against a SQL 2008 database and have a
question about permissions.

As a test, I gave a sql authenticated id Select permissions to two of
the tables. Since that id has access to the tables, shouldn't I be able
to see them when I open SSMS 2008 connected as the test user, expand the
database and then expand Tables?

I can open a New Query window and query the tables and get data returned
without error.

I don't need to be able to see all the objects -- just what I have
access to. Is that possible?
That is indeed possible, although it is not default. To see the defintion
of an object, you need the permission VIEW DEFINITION on it. But if you
have SELECT permission, VIEW DEFINITION is implied. However, you can
explicitly deny a user VIEW DEFINITION, in which case the user cannot
see the table in Object Explorer.

The script below illustrates:



CREATE DATABASE tomtefrid
CREATE LOGIN kalleanka WITH PASSWORD='Bengt Feldreich'
go
USE tomtefrid
go
CREATE TABLE nisse (a int NOT NULL)
CREATE TABLE staffan (a int NOT NULL)
CREATE TABLE josef (a int NOT NULL)
CREATE USER kalleanka
go
GRANT SELECT ON nisse TO kalleanka
GRANT SELECT ON staffan TO kalleanka
go
EXECUTE AS LOGIN = 'kalleanka'
go
-- Lists both tables
SELECT object_name(object_id) FROM sys.tables
go
REVERT
go
DENY VIEW DEFINITION ON nisse TO kalleanka
go
EXECUTE AS LOGIN = 'kalleanka'
go
-- Lists only staffan
SELECT object_name(object_id) FROM sys.tables
-- But user can still SELECT.
SELECT a FROM nisse
go
REVERT
go
USE tempdb
go
DROP DATABASE tomtefrid
DROP LOGIN kalleanka


--
Erland Sommarskog, SQL Server MVP, esquel (AT) sommarskog (DOT) se

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
SQL 2000: http://www.microsoft.com/sql/prodinf...ons/books.mspx



Reply With Quote
  #3  
Old   
Erland Sommarskog
 
Posts: n/a

Default Re: SSMS 2008: Object Explorer Details - 12-18-2008 , 04:56 PM


Toni (teibner@allinadotcom) writes:
Quote:
I'm using SQL Server 2008 SSMS against a SQL 2008 database and have a
question about permissions.

As a test, I gave a sql authenticated id Select permissions to two of
the tables. Since that id has access to the tables, shouldn't I be able
to see them when I open SSMS 2008 connected as the test user, expand the
database and then expand Tables?

I can open a New Query window and query the tables and get data returned
without error.

I don't need to be able to see all the objects -- just what I have
access to. Is that possible?
That is indeed possible, although it is not default. To see the defintion
of an object, you need the permission VIEW DEFINITION on it. But if you
have SELECT permission, VIEW DEFINITION is implied. However, you can
explicitly deny a user VIEW DEFINITION, in which case the user cannot
see the table in Object Explorer.

The script below illustrates:



CREATE DATABASE tomtefrid
CREATE LOGIN kalleanka WITH PASSWORD='Bengt Feldreich'
go
USE tomtefrid
go
CREATE TABLE nisse (a int NOT NULL)
CREATE TABLE staffan (a int NOT NULL)
CREATE TABLE josef (a int NOT NULL)
CREATE USER kalleanka
go
GRANT SELECT ON nisse TO kalleanka
GRANT SELECT ON staffan TO kalleanka
go
EXECUTE AS LOGIN = 'kalleanka'
go
-- Lists both tables
SELECT object_name(object_id) FROM sys.tables
go
REVERT
go
DENY VIEW DEFINITION ON nisse TO kalleanka
go
EXECUTE AS LOGIN = 'kalleanka'
go
-- Lists only staffan
SELECT object_name(object_id) FROM sys.tables
-- But user can still SELECT.
SELECT a FROM nisse
go
REVERT
go
USE tempdb
go
DROP DATABASE tomtefrid
DROP LOGIN kalleanka


--
Erland Sommarskog, SQL Server MVP, esquel (AT) sommarskog (DOT) se

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
SQL 2000: http://www.microsoft.com/sql/prodinf...ons/books.mspx



Reply With Quote
  #4  
Old   
Erland Sommarskog
 
Posts: n/a

Default Re: SSMS 2008: Object Explorer Details - 12-18-2008 , 04:56 PM


Toni (teibner@allinadotcom) writes:
Quote:
I'm using SQL Server 2008 SSMS against a SQL 2008 database and have a
question about permissions.

As a test, I gave a sql authenticated id Select permissions to two of
the tables. Since that id has access to the tables, shouldn't I be able
to see them when I open SSMS 2008 connected as the test user, expand the
database and then expand Tables?

I can open a New Query window and query the tables and get data returned
without error.

I don't need to be able to see all the objects -- just what I have
access to. Is that possible?
That is indeed possible, although it is not default. To see the defintion
of an object, you need the permission VIEW DEFINITION on it. But if you
have SELECT permission, VIEW DEFINITION is implied. However, you can
explicitly deny a user VIEW DEFINITION, in which case the user cannot
see the table in Object Explorer.

The script below illustrates:



CREATE DATABASE tomtefrid
CREATE LOGIN kalleanka WITH PASSWORD='Bengt Feldreich'
go
USE tomtefrid
go
CREATE TABLE nisse (a int NOT NULL)
CREATE TABLE staffan (a int NOT NULL)
CREATE TABLE josef (a int NOT NULL)
CREATE USER kalleanka
go
GRANT SELECT ON nisse TO kalleanka
GRANT SELECT ON staffan TO kalleanka
go
EXECUTE AS LOGIN = 'kalleanka'
go
-- Lists both tables
SELECT object_name(object_id) FROM sys.tables
go
REVERT
go
DENY VIEW DEFINITION ON nisse TO kalleanka
go
EXECUTE AS LOGIN = 'kalleanka'
go
-- Lists only staffan
SELECT object_name(object_id) FROM sys.tables
-- But user can still SELECT.
SELECT a FROM nisse
go
REVERT
go
USE tempdb
go
DROP DATABASE tomtefrid
DROP LOGIN kalleanka


--
Erland Sommarskog, SQL Server MVP, esquel (AT) sommarskog (DOT) se

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
SQL 2000: http://www.microsoft.com/sql/prodinf...ons/books.mspx



Reply With Quote
  #5  
Old   
Erland Sommarskog
 
Posts: n/a

Default Re: SSMS 2008: Object Explorer Details - 12-18-2008 , 04:56 PM


Toni (teibner@allinadotcom) writes:
Quote:
I'm using SQL Server 2008 SSMS against a SQL 2008 database and have a
question about permissions.

As a test, I gave a sql authenticated id Select permissions to two of
the tables. Since that id has access to the tables, shouldn't I be able
to see them when I open SSMS 2008 connected as the test user, expand the
database and then expand Tables?

I can open a New Query window and query the tables and get data returned
without error.

I don't need to be able to see all the objects -- just what I have
access to. Is that possible?
That is indeed possible, although it is not default. To see the defintion
of an object, you need the permission VIEW DEFINITION on it. But if you
have SELECT permission, VIEW DEFINITION is implied. However, you can
explicitly deny a user VIEW DEFINITION, in which case the user cannot
see the table in Object Explorer.

The script below illustrates:



CREATE DATABASE tomtefrid
CREATE LOGIN kalleanka WITH PASSWORD='Bengt Feldreich'
go
USE tomtefrid
go
CREATE TABLE nisse (a int NOT NULL)
CREATE TABLE staffan (a int NOT NULL)
CREATE TABLE josef (a int NOT NULL)
CREATE USER kalleanka
go
GRANT SELECT ON nisse TO kalleanka
GRANT SELECT ON staffan TO kalleanka
go
EXECUTE AS LOGIN = 'kalleanka'
go
-- Lists both tables
SELECT object_name(object_id) FROM sys.tables
go
REVERT
go
DENY VIEW DEFINITION ON nisse TO kalleanka
go
EXECUTE AS LOGIN = 'kalleanka'
go
-- Lists only staffan
SELECT object_name(object_id) FROM sys.tables
-- But user can still SELECT.
SELECT a FROM nisse
go
REVERT
go
USE tempdb
go
DROP DATABASE tomtefrid
DROP LOGIN kalleanka


--
Erland Sommarskog, SQL Server MVP, esquel (AT) sommarskog (DOT) se

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
SQL 2000: http://www.microsoft.com/sql/prodinf...ons/books.mspx



Reply With Quote
  #6  
Old   
Erland Sommarskog
 
Posts: n/a

Default Re: SSMS 2008: Object Explorer Details - 12-18-2008 , 04:56 PM


Toni (teibner@allinadotcom) writes:
Quote:
I'm using SQL Server 2008 SSMS against a SQL 2008 database and have a
question about permissions.

As a test, I gave a sql authenticated id Select permissions to two of
the tables. Since that id has access to the tables, shouldn't I be able
to see them when I open SSMS 2008 connected as the test user, expand the
database and then expand Tables?

I can open a New Query window and query the tables and get data returned
without error.

I don't need to be able to see all the objects -- just what I have
access to. Is that possible?
That is indeed possible, although it is not default. To see the defintion
of an object, you need the permission VIEW DEFINITION on it. But if you
have SELECT permission, VIEW DEFINITION is implied. However, you can
explicitly deny a user VIEW DEFINITION, in which case the user cannot
see the table in Object Explorer.

The script below illustrates:



CREATE DATABASE tomtefrid
CREATE LOGIN kalleanka WITH PASSWORD='Bengt Feldreich'
go
USE tomtefrid
go
CREATE TABLE nisse (a int NOT NULL)
CREATE TABLE staffan (a int NOT NULL)
CREATE TABLE josef (a int NOT NULL)
CREATE USER kalleanka
go
GRANT SELECT ON nisse TO kalleanka
GRANT SELECT ON staffan TO kalleanka
go
EXECUTE AS LOGIN = 'kalleanka'
go
-- Lists both tables
SELECT object_name(object_id) FROM sys.tables
go
REVERT
go
DENY VIEW DEFINITION ON nisse TO kalleanka
go
EXECUTE AS LOGIN = 'kalleanka'
go
-- Lists only staffan
SELECT object_name(object_id) FROM sys.tables
-- But user can still SELECT.
SELECT a FROM nisse
go
REVERT
go
USE tempdb
go
DROP DATABASE tomtefrid
DROP LOGIN kalleanka


--
Erland Sommarskog, SQL Server MVP, esquel (AT) sommarskog (DOT) se

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
SQL 2000: http://www.microsoft.com/sql/prodinf...ons/books.mspx



Reply With Quote
  #7  
Old   
Erland Sommarskog
 
Posts: n/a

Default Re: SSMS 2008: Object Explorer Details - 12-18-2008 , 04:56 PM


Toni (teibner@allinadotcom) writes:
Quote:
I'm using SQL Server 2008 SSMS against a SQL 2008 database and have a
question about permissions.

As a test, I gave a sql authenticated id Select permissions to two of
the tables. Since that id has access to the tables, shouldn't I be able
to see them when I open SSMS 2008 connected as the test user, expand the
database and then expand Tables?

I can open a New Query window and query the tables and get data returned
without error.

I don't need to be able to see all the objects -- just what I have
access to. Is that possible?
That is indeed possible, although it is not default. To see the defintion
of an object, you need the permission VIEW DEFINITION on it. But if you
have SELECT permission, VIEW DEFINITION is implied. However, you can
explicitly deny a user VIEW DEFINITION, in which case the user cannot
see the table in Object Explorer.

The script below illustrates:



CREATE DATABASE tomtefrid
CREATE LOGIN kalleanka WITH PASSWORD='Bengt Feldreich'
go
USE tomtefrid
go
CREATE TABLE nisse (a int NOT NULL)
CREATE TABLE staffan (a int NOT NULL)
CREATE TABLE josef (a int NOT NULL)
CREATE USER kalleanka
go
GRANT SELECT ON nisse TO kalleanka
GRANT SELECT ON staffan TO kalleanka
go
EXECUTE AS LOGIN = 'kalleanka'
go
-- Lists both tables
SELECT object_name(object_id) FROM sys.tables
go
REVERT
go
DENY VIEW DEFINITION ON nisse TO kalleanka
go
EXECUTE AS LOGIN = 'kalleanka'
go
-- Lists only staffan
SELECT object_name(object_id) FROM sys.tables
-- But user can still SELECT.
SELECT a FROM nisse
go
REVERT
go
USE tempdb
go
DROP DATABASE tomtefrid
DROP LOGIN kalleanka


--
Erland Sommarskog, SQL Server MVP, esquel (AT) sommarskog (DOT) se

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
SQL 2000: http://www.microsoft.com/sql/prodinf...ons/books.mspx



Reply With Quote
  #8  
Old   
Erland Sommarskog
 
Posts: n/a

Default Re: SSMS 2008: Object Explorer Details - 12-18-2008 , 04:56 PM


Toni (teibner@allinadotcom) writes:
Quote:
I'm using SQL Server 2008 SSMS against a SQL 2008 database and have a
question about permissions.

As a test, I gave a sql authenticated id Select permissions to two of
the tables. Since that id has access to the tables, shouldn't I be able
to see them when I open SSMS 2008 connected as the test user, expand the
database and then expand Tables?

I can open a New Query window and query the tables and get data returned
without error.

I don't need to be able to see all the objects -- just what I have
access to. Is that possible?
That is indeed possible, although it is not default. To see the defintion
of an object, you need the permission VIEW DEFINITION on it. But if you
have SELECT permission, VIEW DEFINITION is implied. However, you can
explicitly deny a user VIEW DEFINITION, in which case the user cannot
see the table in Object Explorer.

The script below illustrates:



CREATE DATABASE tomtefrid
CREATE LOGIN kalleanka WITH PASSWORD='Bengt Feldreich'
go
USE tomtefrid
go
CREATE TABLE nisse (a int NOT NULL)
CREATE TABLE staffan (a int NOT NULL)
CREATE TABLE josef (a int NOT NULL)
CREATE USER kalleanka
go
GRANT SELECT ON nisse TO kalleanka
GRANT SELECT ON staffan TO kalleanka
go
EXECUTE AS LOGIN = 'kalleanka'
go
-- Lists both tables
SELECT object_name(object_id) FROM sys.tables
go
REVERT
go
DENY VIEW DEFINITION ON nisse TO kalleanka
go
EXECUTE AS LOGIN = 'kalleanka'
go
-- Lists only staffan
SELECT object_name(object_id) FROM sys.tables
-- But user can still SELECT.
SELECT a FROM nisse
go
REVERT
go
USE tempdb
go
DROP DATABASE tomtefrid
DROP LOGIN kalleanka


--
Erland Sommarskog, SQL Server MVP, esquel (AT) sommarskog (DOT) se

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
SQL 2000: http://www.microsoft.com/sql/prodinf...ons/books.mspx



Reply With Quote
  #9  
Old   
Erland Sommarskog
 
Posts: n/a

Default Re: SSMS 2008: Object Explorer Details - 12-18-2008 , 04:56 PM


Toni (teibner@allinadotcom) writes:
Quote:
I'm using SQL Server 2008 SSMS against a SQL 2008 database and have a
question about permissions.

As a test, I gave a sql authenticated id Select permissions to two of
the tables. Since that id has access to the tables, shouldn't I be able
to see them when I open SSMS 2008 connected as the test user, expand the
database and then expand Tables?

I can open a New Query window and query the tables and get data returned
without error.

I don't need to be able to see all the objects -- just what I have
access to. Is that possible?
That is indeed possible, although it is not default. To see the defintion
of an object, you need the permission VIEW DEFINITION on it. But if you
have SELECT permission, VIEW DEFINITION is implied. However, you can
explicitly deny a user VIEW DEFINITION, in which case the user cannot
see the table in Object Explorer.

The script below illustrates:



CREATE DATABASE tomtefrid
CREATE LOGIN kalleanka WITH PASSWORD='Bengt Feldreich'
go
USE tomtefrid
go
CREATE TABLE nisse (a int NOT NULL)
CREATE TABLE staffan (a int NOT NULL)
CREATE TABLE josef (a int NOT NULL)
CREATE USER kalleanka
go
GRANT SELECT ON nisse TO kalleanka
GRANT SELECT ON staffan TO kalleanka
go
EXECUTE AS LOGIN = 'kalleanka'
go
-- Lists both tables
SELECT object_name(object_id) FROM sys.tables
go
REVERT
go
DENY VIEW DEFINITION ON nisse TO kalleanka
go
EXECUTE AS LOGIN = 'kalleanka'
go
-- Lists only staffan
SELECT object_name(object_id) FROM sys.tables
-- But user can still SELECT.
SELECT a FROM nisse
go
REVERT
go
USE tempdb
go
DROP DATABASE tomtefrid
DROP LOGIN kalleanka


--
Erland Sommarskog, SQL Server MVP, esquel (AT) sommarskog (DOT) se

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
SQL 2000: http://www.microsoft.com/sql/prodinf...ons/books.mspx



Reply With Quote
  #10  
Old   
Erland Sommarskog
 
Posts: n/a

Default Re: SSMS 2008: Object Explorer Details - 12-18-2008 , 04:56 PM


Toni (teibner@allinadotcom) writes:
Quote:
I'm using SQL Server 2008 SSMS against a SQL 2008 database and have a
question about permissions.

As a test, I gave a sql authenticated id Select permissions to two of
the tables. Since that id has access to the tables, shouldn't I be able
to see them when I open SSMS 2008 connected as the test user, expand the
database and then expand Tables?

I can open a New Query window and query the tables and get data returned
without error.

I don't need to be able to see all the objects -- just what I have
access to. Is that possible?
That is indeed possible, although it is not default. To see the defintion
of an object, you need the permission VIEW DEFINITION on it. But if you
have SELECT permission, VIEW DEFINITION is implied. However, you can
explicitly deny a user VIEW DEFINITION, in which case the user cannot
see the table in Object Explorer.

The script below illustrates:



CREATE DATABASE tomtefrid
CREATE LOGIN kalleanka WITH PASSWORD='Bengt Feldreich'
go
USE tomtefrid
go
CREATE TABLE nisse (a int NOT NULL)
CREATE TABLE staffan (a int NOT NULL)
CREATE TABLE josef (a int NOT NULL)
CREATE USER kalleanka
go
GRANT SELECT ON nisse TO kalleanka
GRANT SELECT ON staffan TO kalleanka
go
EXECUTE AS LOGIN = 'kalleanka'
go
-- Lists both tables
SELECT object_name(object_id) FROM sys.tables
go
REVERT
go
DENY VIEW DEFINITION ON nisse TO kalleanka
go
EXECUTE AS LOGIN = 'kalleanka'
go
-- Lists only staffan
SELECT object_name(object_id) FROM sys.tables
-- But user can still SELECT.
SELECT a FROM nisse
go
REVERT
go
USE tempdb
go
DROP DATABASE tomtefrid
DROP LOGIN kalleanka


--
Erland Sommarskog, SQL Server MVP, esquel (AT) sommarskog (DOT) se

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
SQL 2000: http://www.microsoft.com/sql/prodinf...ons/books.mspx



Reply With Quote
Reply
Page 1 of 5 1 2 3 4 5 >

« Previous Thread | Next Thread »



Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Powered by vBulletin Version 3.5.3
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.


Contact Us - dbTalk Databases Forums - Archive - Top