This repository has been archived by the owner on Sep 30, 2024. It is now read-only.

Script permissions per object #5

Open
mika76 opened this issue Jun 13, 2017 · 3 comments


mika76 commented Jun 13, 2017

This is great - but you're missing grants for each object, especially if you're going to drop and recreate every time...

@justinlettau
Owner

What do you mean? The connection to SQL is with user provided credentials, so we should have whatever permissions needed to execute.

Author

mika76 commented Jun 13, 2017

The user you used to read the db is ok, but it is not the only user that that object might have grants to. You might have set up roles for example and given different roles different access permissions.

For example I might have a role/user called ReportRunner and that might only have SELECT permissions on some tables. Currently you lose all that info. The only info you keep is the "owner" of the object - which in this case is the user you are logged in as.

Plus, with SQL you can give deny permissions too, where you explicitly DENY a permission to a specific user/role.

See this for some info...
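
An added example, not part of the original thread or the project's code: a T-SQL query that reads object-level GRANT and DENY entries from the catalog views and emits the statements needed to re-apply them after an object is dropped and recreated. The role `DemoReportRunner` and table `dbo.DemoOrders` are constructed for the demo and are rolled back at the end.

```sql
-- Constructed demo objects; everything is undone by the ROLLBACK at the end.
BEGIN TRANSACTION;

CREATE ROLE DemoReportRunner;                       -- hypothetical role
CREATE TABLE dbo.DemoOrders (Id INT, Total MONEY);  -- hypothetical table

GRANT SELECT ON OBJECT::dbo.DemoOrders TO DemoReportRunner;
DENY  SELECT (Total) ON OBJECT::dbo.DemoOrders TO DemoReportRunner;
DENY  DELETE ON OBJECT::dbo.DemoOrders TO DemoReportRunner;

-- Script every object- and column-level permission in the current database.
SELECT
    QUOTENAME(s.name) + '.' + QUOTENAME(o.name) AS object_name,
    -- state 'W' means GRANT ... WITH GRANT OPTION; 'G' = GRANT, 'D' = DENY
    CASE p.state WHEN 'W' THEN 'GRANT'
                 ELSE p.state_desc COLLATE DATABASE_DEFAULT END
    + ' ' + p.permission_name COLLATE DATABASE_DEFAULT
    -- minor_id > 0 identifies a column-level permission
    + CASE WHEN c.name IS NOT NULL
           THEN ' (' + QUOTENAME(c.name) + ')' ELSE '' END
    + ' ON OBJECT::' + QUOTENAME(s.name) + '.' + QUOTENAME(o.name)
    + ' TO ' + QUOTENAME(g.name)
    + CASE p.state WHEN 'W' THEN ' WITH GRANT OPTION' ELSE '' END
    + ';' AS permission_statement
FROM sys.database_permissions AS p
JOIN sys.objects              AS o ON o.object_id    = p.major_id
JOIN sys.schemas              AS s ON s.schema_id    = o.schema_id
JOIN sys.database_principals  AS g ON g.principal_id = p.grantee_principal_id
LEFT JOIN sys.columns         AS c ON c.object_id    = p.major_id
                                  AND c.column_id    = p.minor_id
WHERE p.class = 1                   -- OBJECT_OR_COLUMN securables only
  AND p.state IN ('G', 'W', 'D')    -- skip column-level REVOKE rows
  AND o.is_ms_shipped = 0           -- ignore system objects
ORDER BY object_name, g.name, p.state_desc, p.permission_name;

ROLLBACK TRANSACTION;
```

Appending each object's `permission_statement` rows after its CREATE script keeps role-specific grants and explicit denies alongside the definition, so a drop and recreate does not silently widen or remove access.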

@justinlettau
Owner

It seems SQL Server 2016 introduced the CREATE or ALTER syntax, which avoids having to drop each object (and losing permissions). Will add this to idempotent options soon!

https://blogs.msdn.microsoft.com/sqlserverstorageengine/2016/11/17/create-or-alter-another-great-language-enhancement-in-sql-server-2016-sp1/
