sqlsql-serverdatabase-security

Disable update, insert, delete for certain users from certain applications


Is it possible to create some "system" trigger, through which it would be possible to enable / disable the execution of update, insert, delete commands on the whole database, for certain users and / or certain applications?

I know I can do a logon trigger that will not allow the users to log in and / or from applications to the SQL server. I know it would probably work by creating triggers on each table, but that's impractical. After all, the SSMS Activity Monitor sees exactly which user is running which command from which host.

Example: Application1, application2 and user1, user2

SQL Server 2014:


Solution

  • I solved it by combining of linking servers (RO user) from Test SQL server and logon trigger on Prod SQL server. Thanks.