SQL Server Forums
Profile | Register | Active Topics | Members | Search | Forum FAQ
 
Register Now and get your question answered!
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 SQL Server 2008 Forums
 SQL Server Administration (2008)
 Revoke or Deny?
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

jbates99
Constraint Violating Yak Guru

385 Posts

Posted - 12/11/2012 :  16:23:18  Show Profile  Reply with Quote
We have far too many logins that can create databases.

Which is better:
Revoke CREATE DATABASE from UserX CASCADE;or

Deny CREATE DATABASE from UserX CASCADE; ?

I seem to remember that one of these will be removed at some point.

Thanks, Jack

robvolk
Most Valuable Yak

USA
15676 Posts

Posted - 12/11/2012 :  16:42:52  Show Profile  Visit robvolk's Homepage  Reply with Quote
They are not the same command. DENY specifically prevents someone from performing that action, even if they were GRANTed that permission via another means (role membership). REVOKE removes any GRANT or DENY on that permission for that user. Therefore, if you want to prevent them from creating databases, you have to use DENY.

I would be extremely careful about using CASCADE unless you absolutely know that the entire grantor-grantee path is valid for that operation.
Go to Top of Page

jbates99
Constraint Violating Yak Guru

385 Posts

Posted - 12/11/2012 :  17:34:33  Show Profile  Reply with Quote
Thank you, robvolk.

I expected to be able to use DENY DROP DATABASE to userX but that fails. How can I deny use of drop database?
Thanks.
Go to Top of Page

robvolk
Most Valuable Yak

USA
15676 Posts

Posted - 12/11/2012 :  17:56:35  Show Profile  Visit robvolk's Homepage  Reply with Quote
I would think DENY CREATE ANY DATABASE should do it, and DENY ALTER ANY DATABASE may be necessary. Make sure they are removed from the sysadmin server role as well.
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
SQL Server Forums © 2000-2009 SQLTeam Publishing, LLC Go To Top Of Page
This page was generated in 0.06 seconds. Powered By: Snitz Forums 2000