Two Schemas:
dbo
test
I'd like to grant create table to the test schema for a windows group; but not have them be able to create a table in the dbo schema.
I have tried:
GRANT CONTROL, ALTER ON SCHEMA :: test TO [ad\windows_group];
GRANT CREATE TABLE TO [ad\windows_group];
DENY ALTER ON SCHEMA :: DBO TO [ad\windows_group];
GRANT VIEW DEFINITION ON SCHEMA :: DBO TO [ad\windows_group]
The members of the windows_group can still create a table on the dbo schema; but cannot drop it.
I've seen multiple references saying that DENYing the ALTER schema permission should block the creation of the table; but I think I'm missing something.
Thanks
Best Answer
The correct grants are:
They would not be able to do that without ALTER permissions on dbo.
Somehow you've granted that user ALTER on the dbo schema or the database.