I am trying to assign a SQL Server database role to a user who just needs to be able to see data across all tables.
I was wondering what is the difference between db_datareader
and db_denydatawriter
?
From the documentation I don't seem to realize any difference.
Thanks,
Best Answer
You should only make him a member of
db_datareader
.By default, any newly created
user
has no permissions at all (unless you grant something topublic
or the correspondinglogin
has some permissions at theserver level
: for example,view any definition
at the server level impliesview definition
atdatabase level
once thelogin
is mapped to a database).