How can I deny access to specific databases from a login? I know that I can walk through and make the login a db_owner on all the ones I want the login to have access to, but how do I do the opposite? I want the login to have access to everything but the ones that I specify
Sql-server – Deny access to one database, allow all the rest
Securitysql-server-2008-r2
Related Question
- Mysql – Allow access for localhost and named server
- Sql-server – How to deny access to see the logins in a database
- SQL Server Login – Access Tables Across Multiple Databases
- Sql-server – Grant access to all objects (with a few exceptions) to a role
- Sql-server – Need to deny DML access through SSMS using web app credentials
- Sql-server – Deny All DDL & DML Commands In Sql Server
- SQL Server Security – How to Deny Writes in All Databases
Best Answer
I would highly suggest you not assign a login to db_owner just "to have access to" a database unless you want them to have "admin" privileges in that database.
You also have to consider what permissions the login has at the instance level first. Assigning a user to
db_denyXXX
will have no affect if the login is sysadmin or securityadmin privileges.If we are talking about a "regular" login on the instance you prevent them from accessing the database by not mapping that login to a user in the database. If no database user exist in the database for the login then they cannot connect to it, as long as they do not have higher privileges at the instance level.