Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You administer a SQL Server Instance at Contoso Ltd.
A new employee named Kim Ralls must be able to read data only from the dbo.Order table in the SalesDB database.
You create a SQL login named KimRalls. You then create a SQL user account named KimRalls in SalesDB. The user account is associated with the SQL login.
You need to grant KimRalls the necessary permission or permissions. Your solution must follow the principle of least privilege.
Solution: You perform the following actions:
– Create a custom database role named OrderReader in SalesDB.
– Grant the View Definition permission on dbo.Order to the OrderReader role.
– Add KimRalls to the OrderReader role.
Does the solution meet the goal?
A . Yes
B . No
Answer: B
Explanation:
The VIEW DEFINITION permission lets a user see the metadata of the securable on which the permission is granted.
However, VIEW DEFINITION permission does not confer access to the securable itself.
References: http://learn.extreme-advice.com/index.php?topic=31.0
Leave a Reply