Wednesday, July 31, 2013

The SELECT ALL USER SECURABLES Permission in SQL Server 2014 CTP1

The SELECT ALL USER SECURABLES permission in SQL Server 2014 CTP1 is a very useful new server-level permission.

When granted, the login that was granted this permission can view the data in all databases that the user can connect to.

For example, consider a scenario where you have the following three databases:
  • db1
  • db2
  • db3
Each database has a different login that accesses its data. So if you do not have sysadmin access on the SQL Server instance, in order to access the data in all databases you will have to log in three times, each time using a different login.
However, if the DBA grant a new login (for example db123) with the "SELECT ALL USER SECURABLES" permission then the new login will be able to access the data in all three databases.

Using the visual way, you can achieve this using two steps:
Step 1: Map the login (db123) to the default schema of DB1, DB2 and DB3

Step 2: Grant the login (db123) with the "Select All User Securables" permission

As you can see in the last screenshot, it was possible to retrieve the data from all three databases by just using the login db123 which was only granted with the server-level permission "Select All User Securables":

My Latest Projects:

Check out my latest eBook on SQL Server:
Tuning SQL Server - Ebook

Easily secure your SQL Server instances! Try out DBA Security Advisor!
DBA Security Advisor for SQL Server by SQLArtBits
DBA Security Advisor was developed by SQLArtBits. The tool was being carefully developed for an entire year and it contains comprehensive security checks and recommendations based on proven SQL Server security best practices. Feel free to download and use the Community Edition which is free and if you find it useful, you can consider upgrading to the Enterprise Edition!

Artemakis Artemiou [MVP]

Author & Editor

Artemakis Artemiou is a Senior SQL Server Architect, Software Developer and Microsoft Data Platform MVP. He is also an author, regular blogger, president of Cyprus.NET User Group and CY Country leader of INETA-EU. He is also the creator of DBA Security Advisor and In-Memory OLTP Simulator. Artemakis is a frequent guest author of worldwide well-respected online journals where he writes articles focusing on many SQL Server topics.

Reference: The SQL Server and .NET Hub (