How to prevent access to tables, views and stored procedures in an Azure SQL database?
Can someone let me know how to go about preventing users (other than the creator) from being able to access or view certain tables, views, and stored procedures?
I'm currently using SSMS, but not sure which options to select:
I have updated this question to address the solution that @Bhavani provided below, as his suggestion didn't appear to work.
I added an Azure Active Directory user to the database as follows:
CREATE USER [[email protected]]
FROM EXTERNAL PROVIDER
WITH DEFAULT_SCHEMA = config;
ALTER ROLE db_datareader ADD MEMBER [[email protected]];
I then denied all access to a Table called dbo.UpdatedProducts as follows
Having completed the above, when [email protected] access the database he can still read,select,alter etc.. on the table dbo.UpdatedProducts.
Can someone let me know if I have missed out a step?
Updated permissions for [email protected]
-- Revoke permissions explicitly if previously granted
REVOKE SELECT, INSERT, UPDATE, DELETE ON dbo.UpdatedProducts TO [[email protected]];
-- Grant only the necessary permissions
--GRANT SELECT ON dbo.UpdatedProducts TO [[email protected]];
DENY SELECT ON dbo.UpdatedProducts TO [[email protected]];
With the above update, [email protected] is still able to select and on dbo.UpdatedProducts
Here is a step-by-step guide on how to prevent users (other than the creator) from accessing or viewing certain database objects:
- Right-click on the table, view, or stored procedure and select "Properties."
- Go to the "Permissions" tab.
- Click on "Search" to find the user or role to which you want to grant or deny permissions, as shown below:
- In the "Explicit permissions for [user/role]" section, select "Deny" or "Grant" for the specific permissions you want to restrict. For example, if you want to access the table, view, or stored procedure data, you can grant permission to select the option, as shown below:
When working with AAD users, it's important to note that permissions are managed through roles and memberships. Instead of using DENY permissions, consider using a combination of GRANT and REVOKE to manage permissions. Deny permissions can be tricky to work with and might not always behave as expected due to inheritance.
-- Revoke permissions explicitly if previously granted
REVOKE SELECT, INSERT, UPDATE, DELETE ON dbo.UpdatedProducts TO [[email protected]];
-- Grant only the necessary permissions
GRANT SELECT ON dbo.UpdatedProducts TO [[email protected]];
You have added the user to the db_datareader role, which has read access to all tables in the database. that is the reason for getting table after revoking, use below command to restrict access to the particular table:
DENY SELECT ON dbo.UpdatedProducts TO [[email protected]];
- How to grant a Managed Identity permissions to an Azure SQL Database using IaC?
- No PK or FK when exporting SQL Server database
- Unexpected Recreation and Cost Increase of Deleted SQL Database in Azure: Is it a Bug or an Expected Behavior?
- Create Index without name while creating table
- CXSYNC_PORT wait type in Azure Sql Database
- New Linked Service (Azure SQL Database) Test connection failed
- Query a database inside Azure managed instance from Powershell
- Reduce Azure SQL Database Size
- Unable to reproduce primary key error on 'create if not exists sql'
- Azure AD user unable to connect to Azure SQL Error: 18456,State:1,Class:14
- Azure pipelines cannot connect to Azure SQL via AD/Entra using a custom console application
- .sqlproj building and deployment workflow
- What is the maximum supported compatibility level for EF6?
- Build and Deployment of DACPAC via Azure DevOps Pipeline without .sln (or any artifact)
- Add Azure Active Directory User to Azure SQL Database
- How do I copy SQL Azure database to my local development server?
- Reset identity seed after deleting records in SQL Server
- Why is Azure SQL database so expensive?
- Azure Data Studio - Why Is Restore Option Missing Entirely?
- Azure Granted Permission to SQL Server not authenticating
- Azure SQL database not available on first connection attempt
- In Azure dashboard - give user access to a single App Server, SQL Database, & Azure Storage
- Changing Azure Resource Group location
- Azure SQL backup is not available to restore to a new server
- C# DB project with SqlAzureV12DatabaseSchemaProvider: add filegroup is not possible?
- Azure Data Factory: How to use Exists when the source(Blob - csv) and target (SQL DB) are massive datasets (different datatypes ~370 cols, ~7M rows)
- SQL Azure - Create External Data Source: Location as a Parameter?
- Azure SQL Server Firewall Rule add multiple IP address using PowerShell for database connectivity
- Calling a stored procedure from EF Core 8 with Managed Identities
- Azure web apps unable to connect to my Azure private linked SQL Server