AZGroups.com

Recently, I have noticed an occassional new table or two showing up in our database.  I suspect that this may be a case of a SQL Insertion attach.  The table is created with the owner being the Internet User account that we have setup.  This account has always had the default permissions and I want to make the changes necessary to prevent future problems of this type. 

I am using enterprise manager to manage the users and roles and I was wondering if someone could assist me with a recommendation for how to configure the roles and permissions properly?  My first thought is to remove the dbowner rule from this account and just modify the public role to do what I need. Is this a correct assumption?

I want the internet user account (iusr) to be able to read and write records to tables, but not to be able to create, drop or delete rows from tables.

I am not a full time DBA, just a developer trying to cover the DBA function for a small company.

Any suggestions would be appreciated.

Thanks,
Gary

Gary,

What I usually do is just allow my web user to execute stored procs.  It makes it a bit easier to manage but limits you to using stored procs.

But,if you are going to change the users permissions for tables, use the DENY statement.  It's in the SQL Books @ http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tsqlref/ts_de-dz_2b95.asp

I hope this helps!

Shane

Thanks Shane,  I will look at the info on Deny.  We have a lot of stored procedures but we also have a lot of SQL text queries also, but I like the idea of having everything in SP and then only allowing access to them.

Thanks,

Gary