I have a database that will be shared across multiple related types of applications for different users. I want to be able to restrict each database user to essentially have full control over their own objects, with only read access to the other objects of the database that they didn't create.
Is this possible and what's the best way to accomplish this?
Best Answer
Look into using Schemas. Each User can have (and own) their own Schema for their objects that they have full control over. Then you can grant
SELECT
access for them to other Schemas.When doing this, you need to make sure that both of the following conditions are met:
AUTHORIZATION
) is for the intended UserAs the schema owner, each user will have
CONTROL
permission over the schema and all objects within. SELECT permission can then be granted on other schemas as needed:Please see: