Granting CREATE VIEW Permission at Schema Level in SQL Server

Problem: Users are unable to create views in a database even after being granted the CREATE VIEW permission. How can this issue be resolved?

Solution: In SQL Server 2005 and 2008, permissions can be granted at the schema level. By granting the necessary permissions at the schema level, users will be able to create views without encountering permission errors.

First, let’s set up an example scenario:

CREATE DATABASE MSSQLTips;
GO

USE MSSQLTips;
GO

CREATE ROLE LimitedCreatorRights;
GO

GRANT CREATE VIEW TO LimitedCreatorRights;
GO

GRANT SELECT ON SCHEMA::dbo TO LimitedCreatorRights;
GO

CREATE USER TestUser WITHOUT LOGIN;
GO

EXEC sp_addrolemember 'LimitedCreatorRights', 'TestUser';
GO

CREATE TABLE dbo.ATest (TestID INT);
GO

In the above example, we have created a database, a role called “LimitedCreatorRights”, and a user called “TestUser”. The “LimitedCreatorRights” role has been granted the CREATE VIEW permission and SELECT permission on the dbo schema. The TestUser has been added as a member of the LimitedCreatorRights role.

However, the TestUser does not have permission to create tables. Let’s see what happens when the TestUser tries to create a table:

USE MSSQLTips;
GO

-- This will fail, as TestUser doesn't have CREATE TABLE permissions
EXECUTE AS USER = 'TestUser';
GO

CREATE TABLE dbo.ASecondTable (TestID INT);
GO

REVERT;
GO

As expected, the TestUser is unable to create a table in the dbo schema.

Similarly, if the TestUser tries to create a view, it will also fail:

-- This will fail, as TestUser does have CREATE VIEW rights
-- but does not have permission to alter the dbo schema
EXECUTE AS USER = 'TestUser';
GO

CREATE VIEW dbo.AView AS SELECT TestID FROM dbo.ATest;
GO

REVERT;
GO

The TestUser does have the CREATE VIEW permission, but it lacks permission to alter the dbo schema, which is required to create views.

To solve this issue, we need to grant the ALTER permission on the dbo schema to the LimitedCreatorRights role:

-- Once permission is granted, re-run the previous CREATE VIEW
-- statement. It will now succeed.
GRANT ALTER ON SCHEMA::dbo TO LimitedCreatorRights;
GO

Now, if we re-run the CREATE VIEW statement, it will succeed:

EXECUTE AS USER = 'TestUser';
GO

CREATE VIEW dbo.AView AS SELECT TestID FROM dbo.ATest;
GO

REVERT;
GO

However, granting ALTER permission on the dbo schema also allows the TestUser to alter and drop objects within that schema, including tables. This may not be desirable.

To address this issue, a DDL trigger can be used to intercept ALTER TABLE and DROP TABLE events. This will be covered in a follow-on tip.

In conclusion, by granting CREATE VIEW permission at the schema level and ensuring the necessary ALTER permission on the schema, users can create views without encountering permission errors. However, caution should be exercised to prevent unintended modifications or deletions of objects within the schema.

Click to rate this post!

[Total: 0 Average: 0]

Comprehensive 360 Degree Assessment

Data Replication

Performance Optimization

Data Security

Database Migration

Expert Consultation

Cloud Migration Made Easy

Considering a move to the cloud? Axial SQL brings you proven migration strategies to streamline your transition. Our expert team ensures a smooth, efficient shift, keeping your data safe and accessible. Start your journey to the cloud with confidence!

SQL Performance Optimization

Is your SQL running slower than expected? Don't let sluggish performance hinder your business. Our optimization experts at Axial SQL specialize in tuning your databases for peak performance. Speed up your SQL and supercharge your data processing today!

Database Stability Solutions

Tired of frequent database outages? Discover stability with Axial SQL! Our comprehensive analysis identifies and resolves your database vulnerabilities. Enhance reliability, reduce downtime, and keep your operations running smoothly with our expert guidance.

Expert Database Team Evaluation

Questioning your database team's efficiency? Let Axial SQL provide an expert, unbiased analysis. We assess your team's strategies and workflows, offering insights and improvements to boost productivity. Elevate your database management to new heights!

Data Security Assurance

Concerned about your database security? Axial SQL is here to fortify your data defenses. Our specialized security assessments identify potential risks and implement robust protections. Keep your sensitive data secure and your peace of mind intact with our expert services.

Published on

Granting CREATE VIEW Permission at Schema Level in SQL Server

Let's work together