I have an SQL Server 2008 database, some of the fields (columns) in some of the tables are configured with default values.
I have a requirement to limit user security as much as possible, ideally only allow read/write permissions. However, the users need to be able to see what the default values for the columns (well it's actually an application that needs to read the defaults).
Normally I can give the user access to the following roles if I want read/write only:
db_datareader
db_datawriter
The problem is that this prevents access to the default values. This can be confirmed by opening a table is design view (they get a message saying they have limited access and can only view the table design), and the default values are just shown blank.
If I add the db_owner
role then they can view the default values fine, but I don't want to give the owner powers.
Is there something else I can do in order to restrict to only read/write but with the extra ability to to see what the default values are?
Best Answer
This will allow the defaults to show up in the lower pane of the table designer:
Of course this doesn't give them the ability to make any changes to the table, and in general I discourage the use of the designers anyway. They're littered with bugs and inconsistencies. With
VIEW DEFINITION
rights, your user can also pull this information from the catalog views:Sure, dynamic SQL is very handy here.