A privileges granted to a user for enterprise geodatabase layer,
I couldn’t figure out how a user can “see” layers stored in enterprise geodatabase while this user is not granted any privileges.
What might be the issue here?
How Could Ali access the “communities” layer while he has not given any privileges to it?
Check that the user is not granted db_owner privileges using SQL Server Management Studio. Or, you can create a feature class when connected as the 'ali' user. If the owner of the feature class is DBO, then this user has db_owner privileges.
Is it a database login or a Windows Authenticated login that you are using?
Is the login part of any Group? ?
Also as Sol suggested, can you please confirm what permissions this login has?
What might be the issue here? Is this a normal behavior?
How Hassan can see all the layers stored in the “Q” despite the fact that he is not granted any privileges to any layer?
When you are using the "Create Database User" tool, certain permissions are automatically granted to the new login.
However, the above 4 permissions should not automatically allow the new login to preview any existing data.
Try creating the new login from the database end,Map it to the database and check if the behaviour is still reproduced.
The “add database user” tool enables the user to access the database itself (Q) but not any of its content (layers). This user still needs to be granted permissions at the level of each layer stored in the database to be able to access them.
Am I correct?
In the current behavior, the database user doesn’t need to be granted particular privileges to access the layers stored in the database!
Yes, you are right. Permissions\privileges have to be granted separately for previewing the layers.
Did you try creating a new login at the database end and then mapping it to the database? Did it show the same behaviour?