Reputation: 17196
What is the difference between being db_owner vs. db_datareader / db_datawriter?
I developed a business application at essentially the same time I learned to do non-trivial anything with SQL Server. I give data entry people db_owner and viewers db_datareader.
Now I'm trying to harden things up and the logical thing to my mind is give db_datareader and db_datawriter instread of db_owner, but I'm curious about (a) is this the right thing to do? and (b) what kinds of things can db_owner do that data_writer can't? (i.e. will anything not work after I switch).
Upvotes: 13
Views: 20586
Answers (1)
Reputation: 5707
Members of the db_owner fixed database role can perform all configuration and maintenance activities on the database. db_datawriter can perform DELETE, INSERT, UPDATE while db_datareader can only perform SELECT operations.
You should always try to grant only the minimum level of permissions needed to accomplish tasks. Most users don't need access to configuration or management features. In the case of data entry users, db_datawriter is probably appropriate.
Upvotes: 13
Related Questions
- SQL Server db_owner
- Does db_datawriter have a read permission on a database?
- Difference between owner and schema in the database
- How to understand that a user gets database access in SQL Server
- Database Role membership Db_owner and db_ddladmin in SQL Server
- What kind of owner and user to defined when creating Sql server DB for web site?
- What is the difference between "db_owner" and "the user that owns the database" in SQL Server 2000?
- What is the difference between being a db_owner and having GRANT ALL?
- sql-server which owner should i use?
- Sql Server User vs Role