VIEW DEFINITION Permission
The VIEW DEFINITION permission lets a user see the metadata of the securable on which the permission is granted. However, VIEW DEFINITION permission does not confer access to the securable itself. For example, a user that is granted only VIEW DEFINITION permission on a table can see metadata related to the table in the sys.objects catalog view. However, without additional permissions such as SELECT or CONTROL, the user cannot read data from the table. For more information about viewing metadata, see Metadata Visibility Configuration.
The VIEW DEFINITION permission can be granted on the following levels:
- Server scope
- Database scope
- Schema scope
- Individual entities
Server Scope
VIEW ANY DEFINITION permission granted at this scope effectively negates permissions-based metadata access for the grantee. This means that the grantee can see all metadata in the instance of SQL Server unless the grantee is denied VIEW DEFINITION or CONTROL permissions at the database scope, schema scope, or for an individual entity such as a table. For information about the syntax to use for this permission at this scope, see GRANT (Transact-SQL).
Note
The permission name is VIEW ANY DEFINITION at the server scope, but VIEW DEFINITION in all other scopes.
Database Scope
VIEW DEFINITION granted at this scope effectively negates permissions-based metadata access for the grantee in the specified database. This means that the grantee can see all metadata in the database context in which the GRANT statement is executed, unless the grantee is denied VIEW DEFINITION or CONTROL permissions at the schema scope or for an individual entity such as a table. For information about the syntax to use for this permission at this scope, see GRANT (Transact-SQL).
Schema Scope
VIEW DEFINITION granted at this scope allows the grantee to see all metadata for all objects that are contained in the specified schema unless the grantee is denied VIEW DEFINITION or CONTROL permissions for an individual entity in the schema. For information about the syntax to use for this permission at this scope, see GRANT Schema Permissions (Transact-SQL).
Individual Entities
VIEW DEFINITION granted to individual entities allows the grantee to see metadata for the specified entity. For information about the syntax to use for this permission for individual entities, see GRANT Object Permissions (Transact-SQL).
You can grant VIEW DEFINITION permission to a user on a securable, for example a table. This lets the user see metadata of the table and any subcomponents that are related to the table, such as triggers, constraints, and indexes.
See Also
Concepts
Metadata Visibility Configuration
Viewing Object Definitions
VIEW ANY DATABASE Permission
Other Resources
sys.objects (Transact-SQL)
GRANT (Transact-SQL)
DENY (Transact-SQL)
Help and Information
Getting SQL Server 2005 Assistance
Change History
Release | History |
---|---|
14 April 2006 |
|