Creating read-only permissions for Microsoft SharePoint database users

Restrict user access on the SharePoint database by granting read-only permissions on objects.

Procedure

  1. From the Object Explorer in your SharePoint database, click Security. Expand the Security folder tree.
  2. Right-click Logins and select New Login.
  3. For Windows authentication, complete the following steps:
    1. On the General page, click Search.
    2. Click Locations. From the Locations page, select a location that the user belongs to and click OK.
    3. Enter the object name in the text-box, and click Check Names to validate the user.
      Note: Set the Default database to WSS_Logging.
    4. On the Server Roles page, select public.
    5. On the User Mapping page, select the WSS_Content and WSS_Logging. In the Default Schema column, click ... > Browse... and select db_datareader as the default schema.
    6. On the Status page, select Grant permission to connect to the database engine and select Enabled login.
  4. From the Object Explorer in your SharePoint database, click Databases > WSS_Logging > Security > Users.
    1. Double-click the Windows user that was created in step 3.
    2. On the Securables page, click Search.
    3. On the Add Objects page, select Specific objects... and click OK.
    4. Click Object Types... and select Views.
    5. For object names, click Browse and select the database view that you created. For example, [dbo].[AuditEvent].
    6. For the permissions of the database view you select, grant Select.
    7. Click OK.
  5. From the Object Explorer in your SharePoint database, click Databases > WSS_Content > Security > Users.
    1. Double-click the Windows user that was created in step 3.
    2. On the Securables page, click Search.
    3. On the Add Objects page, select Specific objects... and click OK.
    4. Click Object Types... and select Tables.
    5. For object names, click Browse. Select [dbo].[AuditData] and [dbo].[UserInfo].
    6. For the permissions of the AuditData table, grant Select.
    7. For the permissions of the UserInfo table, grant Select.
    8. Click OK.