You need to write the code required to give the new hire only the desired access, using the smallest number of steps

DRAG DROP
You are the senior database administrator at Contoso, Ltd. You manage a SQL Server 2014
Instance, with multiple databases used for reporting.
You have recently hired a junior database administrator. You want this person to be able to
view the database structures on the server, but you do not want him or her to be able to
make changes or see the data in the tables.
The new hire’s login credentials are as follows:
Login name: JFree
Password: Jx672$qse
You want the new hire to be required to change his password on his next login.
The code that is produced should execute no matter the initial database context in which it is started.
You need to write the code required to give the new hire only the desired access, using the
smallest number of steps. Develop the solution by selecting and arranging the required code
blocks in the correct order. You may not need all of the code blocks.

Answer: See the explanation.

Explanation:

Box 1:

Box 2:

Note:
* MUST_CHANGE
Applies to: SQL Server 2008 through SQL Server 2014.
Applies to SQL Server logins only. If this option is included, SQL Server prompts the user for
a new password the first time the new login is used.
* The VIEW DEFINITION permission lets a user see the metadata of the securable on which
the permission is granted. However, VIEW DEFINITION permission does not confer access
to the securable itself. For example, a user that is granted only VIEW DEFINITION
permission on a table can see metadata related to the table in the sys.objects catalog view.
However, without additional permissions such as SELECT or CONTROL, the user cannot
read data from the table.