This article was previously published under Q247749
This article has been archived. It is offered "as is" and will no longer be updated.
BUG #: 56806 (SQLBUG_70)
If a user or role has table level permissions and column level permissions on a particular table, the SQL Script generated using Enterprise Manager does not script both the permissions. Enterprise Manager only generates table level permissions.
Microsoft has confirmed this to be a problem in SQL Server 7.0. This problem has been corrected in U.S. Service Pack 3 for Microsoft SQL Server 7.0. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
274799 INF: How to Obtain Service Pack 3 for Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0
For more information, contact your primary support provider.
Steps to Reproduce Behavior
Use these steps to reproduce the behavior:
Create a table named table1 using this code:
CREATE TABLE [dbo].[table1] ( [col1] [varchar] (16) NOT NULL , [col2] [int] NULL ) ON [PRIMARY]GO
Create a Role named role1 using this code:
EXEC sp_addrole N'role1'
Run the following code:
GRANT SELECT, INSERT, DELETE ON [dbo].[table1] TO [role1]GO
Generate the SQL script using SQL Enterprise Manager. This successfully shows everything including the Table Level Permissions.
Next, run this code:
GRANT UPDATE ON [dbo].[table1] ([col1]) to role1GO
Generate the SQL script using SQL Enterprise Manager. This successfully shows everything including the Column Level Permissions
Now, run this code:
GRANT SELECT , INSERT , DELETE ON [dbo].[table1] TO [role1]GOGRANT UPDATE ON [dbo].[table1] ([col1]) to role1GO
Generate the SQL script using SQL Enterprise Manager. This will only show Table Level Permissions, No Column Level Permissions.
The order of the execution of the GRANT statements (first table level then Column level or vice versa) does not matter. The generated SQL Script does not have the Column Level Permissions, but in actuality, can do all the things like UPDATE on the specific column the user is permitted to and perform all the activities that the user is permitted to at the table level. The actual permissions are intact, they just are not shown in the script that is generated.