Which Transact-SQL statement should you use?

You administer a SQL 2012 server that contains a database named SalesDB. SalesDb contains a
schema named Customers that has a table named Regions. A user named UserA is a member of a
role named Sales.
UserA is granted the Select permission on the Regions table. The Sales role is granted the Select
permission on the Customers schema.
You need to remove the Select permission for UserA on the Regions table. You also need to ensure
that UserA can still access all the tables in the Customers schema, including the Regions table,
through the Sales role permissions.
Which Transact-SQL statement should you use?

You administer a SQL 2012 server that contains a database named SalesDB. SalesDb contains a
schema named Customers that has a table named Regions. A user named UserA is a member of a
role named Sales.
UserA is granted the Select permission on the Regions table. The Sales role is granted the Select
permission on the Customers schema.
You need to remove the Select permission for UserA on the Regions table. You also need to ensure
that UserA can still access all the tables in the Customers schema, including the Regions table,
through the Sales role permissions.
Which Transact-SQL statement should you use?

A.
DENY SELECT ON Object::Regions FROM UserA

B.
DENY SELECT ON Schema::Customers FROM UserA

C.
EXEC sp_addrolemember ‘Sales’, ‘UserA’

D.
REVOKE SELECT ON Object::Regions FROM UserA

E.
REVOKE SELECT ON Object::Regions FROM Sales

F.
EXEC sp_droproiemember ‘Sales’, ‘UserA’

G.
REVOKE SELECT ON Schema::Customers FROM UserA

H.
DENY SELECT ON Object::Regions FROM Sales

I.
DENY SELECT ON Schema::Customers FROM Sales

J.
REVOKE SELECT ON Schema::Customers FROM Sales

Explanation:
http://msdn.microsoft.com/en-us/library/ms188369.aspx
http://msdn.microsoft.com/en-us/library/ms187750.aspx
http://msdn.microsoft.com/en-us/library/ff848791.aspx

Show Hint

Leave a Reply 4

Your email address will not be published. Required fields are marked *

v

v

I tested this. ‘UserA’ and the Role ‘Sales’ both have SELECT rights on the mentioned table. Removing one will have no affect as UserA is assigned to both.

The only way to fulfill the criteria in the question is to add a DENY SELECT on the table which will stop SELECT statements being run on the table for the said user while leaving all other permissions granted by the role in tact.

Saying this the correct syntax should be TO not FROM and include the schema prefix

DENY SELECT ON Object::Customers.Region TO UserA

Reply

rtaylor25

rtaylor25

I concur with V above. Only issue is that the DENY statement is syntactically incorrect ( https://msdn.microsoft.com/en-us/library/ms173724.aspx) in the answers available. So technically speaking none of the answers provided actually satisfy the requirements proposed in the question.

Reply

KRanseyer

KRanseyer

Guys, you read the last sentence of the question?
D is correct.

Reply

Alex

Alex

Guys the question is vague. It has revoke and grant answer

Reply