This post is part of the series on SQL Snippets.
I create a lot of SQL objects such as views, tables, stored procedures and so on. If they will be used from within Microsoft Dynamics then they can simply be assigned to the DYNSA role, but if they are for use in custom reporting or integrations then separate security will be required.
Usually for reporting, and especially for integrations, security will be as locked down as possible to minimise any possible attack vector. This can be done in SQL through a security role with only limited security granted to the necessary users.
The first step is to create the role itself; I always do this using a role with a name prefixed with urpt_ so that it can easily be identified as a custom user role:
-- creatr security role on database
CREATE ROLE [urpt_Role] AUTHORIZATION [dbo]
GO
Then we grant the relevant permissions to the new role. For a report this would mean only granting select permissions on the relevant views and tables; for an integration there may be inserts and updates granted.
-- grant permission to role on object
GRANT SELECT ON [dbo].[uv_SQLView] TO [urpt_Role]
GRANT SELECT ON [dbo].[GL20000] TO [urpt_Role]
GRANT SELECT ON [dbo].[GL30000] TO [urpt_Role]
GO
For a report, you may need to create a database user for the user or AD group:
-- create user on database
CREATE USER [DOMAIN\user]
GO
The final step is to assign the role to the relevant users or AD groups:
-- assign role to user on database
ALTER ROLE [urpt_Role] ADD MEMBER [DOMAIN\user]
GO
Click to show/hide the SQL Snippets Series Index
| SQL Snippets |
|---|
| Manage Data Containing an Apostrophe |
| SELECT INTO |
| Create and Use Database Role to Restrict Access |
| Select Primary Keys for All Tables in Database |
| Select All Fields for All Tables In Database |