I need help with a problem involving permissioning objects in the database.
I have the following scenario:
1 Database
4 Schemes with the following owners:
-
schemaA ; owner dbo
-
schemaB ; owner ownerX
-
schemaC ; owner ownerX
-
schemaD ; owner ownerX
I have a viewABC view that is in schemaD and gathers table and view information from schemaA , schemaB schemas > and schemaC .
A user userX will have permission of SELECT
in viewABC .
To ensure such ownerX access:
GRANT SELECT ON schemaD.viewABC TO userX;
When userX attempts to execute SELECT
on the view, like this:
SELECT * FROM schemaD.viewABC;
We have the following error:
The SELECT permission was denied on object 'tableA', database data 'MyBank', scheme 'schemaA'.
I understand that the error occurs because tableA is in a schema where ownerX is not the owner and so SQLServer applies the permissions of userX to determine access. As userX does not explicitly access tableA query execution returns the error.
If dbo gives view permission, then the error will also happen for dbo not owning the schemaB and schemaC .
How to resolve this without giving userX permission on tableA ?
Comments: