sql server grant, revoke permission to a user

Question

I wrote a simple c# code that connect to sql-server database and execute a query:

        cmd = new SqlCommand(txtQuery.Text.ToString().Trim(), con);
        cmd         


        

Answer 1

You cannot REVOKE something you did not GRANT. Looks like you want to:

1. investigate and understand why user2 has permission to SELECT
2. possibly DENY permission to SELECT to user2

The permission work like following:

• initialy an user has the poermissions derived from his group mebership (including public roles)
• GRANT explictly grants a privilege
• REVOKE takes back a previously granted priviledge, reverting to the user having the privileges implictily inherited from group(s) memberhip
• DENY denies a privilege

The rules of precedence are that any DENY take precedence over any GRANT or inherited privilege. One can get access through a number of GRANTs but one single DENY will revoke the privilege. You cannot GRANT/REVOKE/DENY permissions to the securable owner (members of db_owner own everything and members of sysadmin own everything on the entire server).