You administer a SQL Server 2012 server that contains a database named SalesDB. SalesDb contains
a schema named Customers that has a table named Regions. A user named UserA is a member of a
role named Sales.
UserA is granted the Select permission on the Regions table. The Sales role is granted the Select
permission on the Customers schema.
You need to ensure that UserA is disallowed to select from any of the tables in the Customers
schema.
Which Transact-SQL statement should you use?
A.
DENY SELECT ON Object::Regions FROM UserA
B.
DENY SELECT ON Object::Regions FROM Sales
C.
REVOKE SELECT ON Schema::Customers FROM Sales
D.
REVOKE SELECT ON Schema::Customers FROM UserA
E.
REVOKE SELECT ON Object::Regions FROM Sales
F.
REVOKE SELECT ON Object::Regions FROM UserA
G.
DENY SELECT ON Schema::Customers FROM Sales
H.
DENY SELECT ON Schema::Customers FROM UserA
I.
EXEC sp_addrolemember ‘Sales’, ‘UserA’
J.
EXEC sp droprolemember ‘Sales’, ‘UserA’
Explanation:
http://msdn.microsoft.com/en-us/library/ms188369.aspx
http://msdn.microsoft.com/en-us/library/ms187750.aspx
http://msdn.microsoft.com/en-us/library/ff848791.aspx
again: correct would be:
deny select on securable —-TO—- principal
F + J (revoking the existing grant for A and removing A from the role)
… although it probably would have other consequences….