Creating read-only permissions for Microsoft SharePoint database users
Restrict user access on the SharePoint database by granting read-only permissions on objects.
Procedure
- From the Object Explorer in your SharePoint database, click Security. Expand the Security folder tree.
- Right-click Logins and select New Login.
-
For Windows authentication, complete the following
steps:
- On the General page, click Search.
- Click Locations. From the Locations page, select a location that the user belongs to and click OK.
-
Enter the object name in the text-box, and click Check Names to validate
the user.
Note: Set the Default database to WSS_Logging.
- On the Server Roles page, select public.
- On the User Mapping page, select the WSS_Content and WSS_Logging. In the Default Schema column, click ... > Browse... and select db_datareader as the default schema.
- On the Status page, select Grant permission to connect to the database engine and select Enabled login.
-
From the Object Explorer in your SharePoint database, click Databases > WSS_Logging > Security > Users.
- Double-click the Windows user that was created in step 3.
- On the Securables page, click Search.
- On the Add Objects page, select Specific objects... and click OK.
- Click Object Types... and select Views.
- For object names, click Browse and select the database view that you created. For example, [dbo].[AuditEvent].
- For the permissions of the database view you select, grant Select.
- Click OK.
-
From the Object Explorer in your SharePoint database, click Databases > WSS_Content > Security > Users.
- Double-click the Windows user that was created in step 3.
- On the Securables page, click Search.
- On the Add Objects page, select Specific objects... and click OK.
- Click Object Types... and select Tables.
- For object names, click Browse. Select [dbo].[AuditData] and [dbo].[UserInfo].
- For the permissions of the AuditData table, grant Select.
- For the permissions of the UserInfo table, grant Select.
- Click OK.