We have several databases on SQL server. We would like to create 1 new user that can see database 'c' but can not see the rest of the databases.
This user should only be able to select from this database, and nothing else.
I have been googleing and searching for a while now, and the closest I found was to deny view any database, and then make them the database owner.
But I don't think that will work for limiting them to select, unless is there a way I can deny everything except for select on a database owner?
Thanks in advance for any help!
Edit: SQL Server 2008 R2, by the way.
Edit2: Sorry, I was not clear in my original post. I am looking to make it so when they log in they won't even see the names of other databases, not just that they can't access them.
Thanks.
1) Create the user on the server
2) Add the user to the given database
3) Grant read-only access to the database
USE [master]
CREATE LOGIN [SomeUserName] WITH PASSWORD=N'someStr0ngP@ssword', DEFAULT_DATABASE=[c], DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=ON, CHECK_POLICY=ON
GO
USE [c]
CREATE USER [SomeUserName] FOR LOGIN [SomeUserName] WITH DEFAULT_SCHEMA=[dbo]
GO
EXEC sp_addrolemember N'db_datareader', N'SomeUserName'
deny is the default behavior when it comes to permission so if you create a user and add it to the db_datareader role on the necessary db, that's the only permission it will have. It wont be able to access the other databases
EDIT:
use [master]
GO
DENY VIEW ANY DATABASE TO [login]
GO
use [master]
GO
DENY VIEW SERVER STATE TO [login]
GO
that will remove the login's abbility to view the databases. Then go to the one you WANT him to see and make him owner of that DB
Step-1: Create the LogIn
Step-2: Remove all DB view permission from the login
deny view any database to LogInName
Step-3: Give the login authorization of database
alter authorization on database:: DataBaseName to LogInName
Note: No need to specify username or database name with in single quotation marks
Maybe this will work.
Add user to server and map to the correct data base. Delete user from Server.
Server will inform you Deleting server users does not delete the data base users associated with this login.
Click OK and you will have user with access only to the one data base.
来源:https://stackoverflow.com/questions/10218897/create-user-that-can-only-see-one-database-and-only-select-from-it