Home/ Questions/Q 446623
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T21:29:21+00:00

I searched SO for a pertinent question existing already but couldn’t find one. I

  • 0

I searched SO for a pertinent question existing already but couldn’t find one.

I am setting up a Read-only database role for a few databases in our server farm. Here is a sample of the permissions for one table:

GRANT SELECT ON [dbo].[Table] TO [ReadOnly]
GRANT VIEW DEFINITION ON [dbo].[Table] TO [ReadOnly]
DENY ALTER ON [dbo].[Table] TO [ReadOnly]
DENY CONTROL ON [dbo].[Table] TO [ReadOnly]
DENY DELETE ON [dbo].[Table] TO [ReadOnly]
DENY INSERT ON [dbo].[Table] TO [ReadOnly]
DENY REFERENCES ON [dbo].[Table] TO [ReadOnly]
DENY TAKE OWNERSHIP ON [dbo].[Table] TO [ReadOnly]
DENY UPDATE ON [dbo].[Table] TO [ReadOnly]

This works as intended for the SELECT permissions…I’m able to ONLY SELECT data, which is exactky what I want.

However, I cannot see the list of tables in the “Tables” tab for the specified database in Management Studio. My goal with this user is to provide some users that are unfamiliar with SQL a login they can use to pull data and start experimenting with SQL. These users are experienced with SAS, a statistical processing language, so they have some experience working with code but not so much specifically in SQL.

Which of those permissions will show the list of tables in Management Studio?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Granting any permission and view definition is all you need, however you’re also explicitly DENYing inheritable permissions from the same user (DENY always overrides a GRANT). If you simply do not GRANT the permission, they will not have it (alternatively, you can REVOKE rather than DENY, which does not explicitly override a GRANT). If you change your DENY‘s to REVOKE in the above script, your users will be able to list/view the objects in SSMS.

    • 0