I am confused.
I create a new login "dbadmin" with Server Role : Public, Diskadmin, securityadmin,sysadmin, serveradmin and dbcreator
I already have a geodatabase with the system table under schema SDE. and also i have some tables under DBO schema
With this dbadmin, i create a Database Role: role_editor, and also i create user named "user_editor". User_editor is member of role_editor
In the Database Role property for role_editor, i specify permission for dbo: SELECT,INSERT,ALTER,EXECUTE,DELETE and UPDATE. For sde, i do not specify any permissions.
1. when i log on as user_editor, I can see all tables in SDE schema. I can do "select * from sde.tabelxxx" too. Why ? Should SDE tables be hidden ?
2. Then I change the permission of sde in Database Role role_editor so that the SELECT is DENY. Then I cant do SELECT. Why should I specify DENY SELECT for SDE schema ? Shouldnt SELECT is automatically denied since i do not state the permission on SDE schema ?
3. Shouldnt it the other way around, i should specify permission in the Database Role for SDE schema instead of DBO ?
[Database: SQL Server 2012, ArcSDE 10.1]