Which Transact-SQL statement should you use?

You administer a SQL Server 2012 server that contains a database named SalesDb.
SalesDb contains a schema named Customers that has a table named Regions.
A user named UserA is a member of a role named Sales.
UserA is granted the Select permission on the Regions table and the Sales role is granted the Select
permission on the Customers schema.
You need to ensure that the Sales role, including UserA, is disallowed to select from the Regions table.
Which Transact-SQL statement should you use?

You administer a SQL Server 2012 server that contains a database named SalesDb.
SalesDb contains a schema named Customers that has a table named Regions.
A user named UserA is a member of a role named Sales.
UserA is granted the Select permission on the Regions table and the Sales role is granted the Select
permission on the Customers schema.
You need to ensure that the Sales role, including UserA, is disallowed to select from the Regions table.
Which Transact-SQL statement should you use?

A.
REVOKE SELECT ON Schema::Customers FROM UserA

B.
REVOKE SELECT ON Object::Regions FROM UserA

C.
EXEC sp_addrolemember ‘Sales’, ‘UserA’

D.
DENY SELECT ON Schema::Customers FROM Sales

E.
EXEC sp_droprolemember ‘Sales’, ‘UserA’

F.
REVOKE SELECT ON Schema::Customers FROM Sales

G.
DENY SELECT ON Object::Regions FROM UserA

H.
REVOKE SELECT ON Object::Regions FROM Sales

I.
DENY SELECT ON Schema::Customers FROM UserA

J.
DENY SELECT ON Object::Regions FROM Sales

Explanation:
http://msdn.microsoft.com/en-us/library/ms188369.aspx
http://msdn.microsoft.com/en-us/library/ms187750.aspx
http://msdn.microsoft.com/en-us/library/ff848791.aspx

Show Hint

Leave a Reply 4

Your email address will not be published. Required fields are marked *

Slazenjer_m

Slazenjer_m

DENY SELECT ON Object::Regions FROM Sales

Reply

Slazenjer_m

Slazenjer_m

Sorry, correct answer is option H: REVOKE SELECT ON Object::Regions FROM Sales

REVOKE: Removes a previously granted or denied permission.

DENY: Denies a permission to a principal; prevents that principal from inheriting the permission through its group or role memberships.

Correct syntax for DENY is:
DENY { ALL [ PRIVILEGES ] }
| permission [ ( column [ ,…n ] ) ] [ ,…n ]
[ ON [ class :: ] securable ] TO principal [ ,…n ]
[ CASCADE] [ AS principal ]

Correct syntax for REVOKE is:
REVOKE [ GRANT OPTION FOR ]
{
[ ALL [ PRIVILEGES ] ]
|
permission [ ( column [ ,…n ] ) ] [ ,…n ]
}
[ ON [ class :: ] securable ]
{ TO | FROM } principal [ ,…n ]
[ CASCADE] [ AS principal ]

Reply

sqljedi

sqljedi

The requirement is to disallow access, not to remove a previous grant.

Answer: J
DENY SELECT ON Object::Regions FROM Sales

Reply