Export (0) Print
Expand All

VIEW DEFINITION Permission

The VIEW DEFINITION permission lets a user see the metadata of the securable on which the permission is granted. However, VIEW DEFINITION permission does not confer access to the securable itself. For example, a user that is granted only VIEW DEFINITION permission on a table can see metadata related to the table in the sys.objects catalog view. However, without additional permissions such as SELECT or CONTROL, the user cannot read data from the table. For more information about viewing metadata, see GRANT (Transact-SQL).

The VIEW DEFINITION permission can be granted on the following levels:

  • Server scope

  • Database scope

  • Schema scope

  • Individual entities

VIEW ANY DEFINITION permission granted at this scope effectively negates permissions-based metadata access for the grantee. This means that the grantee can see all metadata in the instance of SQL Server unless the grantee is denied VIEW DEFINITION or CONTROL permissions at the database scope, schema scope, or for an individual entity such as a table. For information about the syntax to use for this permission at this scope, see GRANT (Transact-SQL).

NoteNote

The permission name is VIEW ANY DEFINITION at the server scope, but VIEW DEFINITION in all other scopes.

VIEW DEFINITION granted at this scope effectively negates permissions-based metadata access for the grantee in the specified database. This means that the grantee can see all metadata in the database context in which the GRANT statement is executed, unless the grantee is denied VIEW DEFINITION or CONTROL permissions at the schema scope or for an individual entity such as a table. For information about the syntax to use for this permission at this scope, see GRANT (Transact-SQL).

VIEW DEFINITION granted at this scope allows the grantee to see all metadata for all objects that are contained in the specified schema unless the grantee is denied VIEW DEFINITION or CONTROL permissions for an individual entity in the schema. For information about the syntax to use for this permission at this scope, see GRANT Schema Permissions (Transact-SQL).

VIEW DEFINITION granted to individual entities allows the grantee to see metadata for the specified entity. For information about the syntax to use for this permission for individual entities, see GRANT Object Permissions (Transact-SQL).

You can grant VIEW DEFINITION permission to a user on a securable, for example a table. This lets the user see metadata of the table and any subcomponents that are related to the table, such as triggers, constraints, and indexes.

Community Additions

ADD
Show:
© 2014 Microsoft