For a given role 'dev_role', I'm trying to be restrictive to SELECT and VIEW DEFINITION for a particular schema 'foo', but otherwise, I wish to confer GRANT ALTER to dev_role.How can I make schema 'foo' restrictive for dev_role while retaining ALTER permissions across the database apart from 'foo'?[code="sql"]grant alter to dev_role;grant select, view definition on schema::foo to dev_role;[/code]This lets me do the following, which I [b]don't[/b] want:[code="sql"]create table foo.bar (i int);[/code]If I subsequently use: [code="sql"]deny control on schema::foo to dev_role[/code]...then I'm rather unsurprisingly unable to run the following:[code="sql"]select * from foo.mytable[/code]I must be missing something basic, but thus far no joy...- John
↧