How to Revoke Schema Ownership from db_datareader and db_datawriter in SQL Server


2 views

In SQL Server, schemas are containers that hold database objects like tables, views, and procedures. The built-in schemas db_datareader and db_datawriter are special because they're associated with database roles of the same name. Accidentally assigning a user as the owner of these schemas can create confusion and potential security implications.

While SQL Server allows assigning ownership of these schemas to users, it's generally not recommended because:

  • It might create confusion about the actual purpose of these schemas
  • It could potentially affect permission inheritance
  • It may complicate user management if you need to drop the user later

To properly undo this assignment and return ownership to the system, use the following T-SQL commands:

-- Reassign db_datareader schema ownership
ALTER AUTHORIZATION ON SCHEMA::[db_datareader] TO [dbo];

-- Reassign db_datawriter schema ownership
ALTER AUTHORIZATION ON SCHEMA::[db_datawriter] TO [dbo];

After running these commands, verify the changes with:

SELECT 
    s.name AS schema_name,
    dp.name AS owner_name
FROM sys.schemas s
JOIN sys.database_principals dp ON s.principal_id = dp.principal_id
WHERE s.name IN ('db_datareader', 'db_datawriter');

If you prefer to assign ownership back to the roles themselves (though this is less common), you can use:

ALTER AUTHORIZATION ON SCHEMA::[db_datareader] TO [db_datareader];
ALTER AUTHORIZATION ON SCHEMA::[db_datawriter] TO [db_datawriter];
  • You need sufficient permissions (typically db_owner or sysadmin) to execute these commands
  • In SQL Server 2005 (as in your case), the syntax is the same as in later versions
  • Consider documenting such changes in your database change management system

During routine SQL Server permission management, a common mistake occurs when assigning database roles. Instead of adding a user to the db_datareader and db_datawriter database roles, administrators sometimes accidentally grant schema ownership of these built-in schemas to the user.

While SQL Server allows schema ownership assignment to users, it's generally not recommended for system schemas because:

  • It creates unnecessary dependencies between user accounts and system objects
  • May cause issues during user deletion (though SQL Server protects built-in schemas)
  • Could potentially affect permission inheritance

To revert the schema ownership back to the system, use these T-SQL commands:

-- For SQL Server 2005 and later
ALTER AUTHORIZATION ON SCHEMA::[db_datareader] TO [dbo];
ALTER AUTHORIZATION ON SCHEMA::[db_datawriter] TO [dbo];

-- For modern SQL Server versions (2012+), you can also use:
ALTER SCHEMA [db_datareader] TRANSFER OWNER TO [dbo];
ALTER SCHEMA [db_datawriter] TRANSFER OWNER TO [dbo];

To check current schema ownership:

SELECT 
    s.name AS schema_name,
    dp.name AS owner_name
FROM sys.schemas s
JOIN sys.database_principals dp ON s.principal_id = dp.principal_id
WHERE s.name IN ('db_datareader', 'db_datawriter');

When assigning permissions, always use the proper syntax for role membership:

-- Correct way to grant role membership
USE [YourDatabase]
GO
ALTER ROLE [db_datareader] ADD MEMBER [YourUser];
ALTER ROLE [db_datawriter] ADD MEMBER [YourUser];
GO

In some SQL Server versions, you might need to:

  1. First revoke all permissions granted through the schema
  2. Change ownership in single-user mode if encountering locks
  3. Refresh permissions after the change