Udostępnij za pośrednictwem


VIEW DEFINITION Permission

The VIEW DEFINITION permission lets a user see the metadata of the securable on which the permission is granted. However, VIEW DEFINITION permission does not confer access to the securable itself. For example, a user that is granted only VIEW DEFINITION permission on a table can see metadata related to the table in the sys.objects catalog view. However, without additional permissions such as SELECT or CONTROL, the user cannot read data from the table. For more information about viewing metadata, see Metadata Visibility Configuration.

The VIEW DEFINITION permission can be granted on the following levels:

  • Server scope
  • Database scope
  • Schema scope
  • Individual entities

Server Scope

VIEW ANY DEFINITION permission granted at this scope effectively negates permissions-based metadata access for the grantee. This means that the grantee can see all metadata in the instance of SQL Server unless the grantee is denied VIEW DEFINITION or CONTROL permissions at the database scope, schema scope, or for an individual entity such as a table. For information about the syntax to use for this permission at this scope, see GRANT (Transact-SQL).

Note

The permission name is VIEW ANY DEFINITION at the server scope, but VIEW DEFINITION in all other scopes.

Database Scope

VIEW DEFINITION granted at this scope effectively negates permissions-based metadata access for the grantee in the specified database. This means that the grantee can see all metadata in the database context in which the GRANT statement is executed, unless the grantee is denied VIEW DEFINITION or CONTROL permissions at the schema scope or for an individual entity such as a table. For information about the syntax to use for this permission at this scope, see GRANT (Transact-SQL).

Schema Scope

VIEW DEFINITION granted at this scope allows the grantee to see all metadata for all objects that are contained in the specified schema unless the grantee is denied VIEW DEFINITION or CONTROL permissions for an individual entity in the schema. For information about the syntax to use for this permission at this scope, see GRANT Schema Permissions (Transact-SQL).

Individual Entities

VIEW DEFINITION granted to individual entities allows the grantee to see metadata for the specified entity. For information about the syntax to use for this permission for individual entities, see GRANT Object Permissions (Transact-SQL).

You can grant VIEW DEFINITION permission to a user on a securable, for example a table. This lets the user see metadata of the table and any subcomponents that are related to the table, such as triggers, constraints, and indexes.

See Also

Concepts

Metadata Visibility Configuration
Viewing Object Definitions
VIEW ANY DATABASE Permission

Other Resources

sys.objects (Transact-SQL)
GRANT (Transact-SQL)
DENY (Transact-SQL)

Help and Information

Getting SQL Server 2005 Assistance

Change History

Release History

14 April 2006

Updated content:
  • Clarified the meaning of VIEW DEFINITION at the server scope, database scope, and schema scope levels.