You have an HR database that all users will be allowed to read from to obtain information, but only the HR department should be able to read from and update the data in the database. Select the easiest and most secure way to ensure this.
Answer: – Add all the users who are not in the HR department to the db_datareader and bd_denydatawriter database roles, and add all the users from the HR department to the db_datareader and db_datawrite database roles.
(Users can be members of more than one group, so it is easiest to add the members of HR to the db_datareader and db_datawriter roles; add everyone else to the db_datareader role to grant the permission to read data and to the db_denydatawriter role to deny them the permission to modify data.)