Found out that the DBA before me had db_datareader checked for a sensitive database. Now as I understand it that grants Select on all tables within that database. Correct?
This same service account also has a Securables set up to a View I'll call (A). The view is the only thing this Service Account should be able to select and see. View (A) calls up other tables in the same databases as well just as a side note.
My question is if I removed the db_datareader on that Servicve Account will that account now not be able to Select from the underlieing tables?
I hope that makes sense. We are to fix this with breaking the app but wanted to lock down the database.