I have a database (SQL 2005) that is used internally and the various
internal user's applications can access the tables, views, stored
procedures, etc.  Note that the owner on all objects within the db is 'dbo'

They want an external user to access specific data in the database (Let's
call the database InsideDB).  So I want to restrict this user from doing
absolutely anything but accessing a custom view.

Here is a simplified example of what I did

- I created a SCHEMA named [OutsideSchema]
- I created a VIEW named [OutsideSchema].[OutsideView]
- I created a role named [OutsideRole]
- I created a user named [OutsideUser]
- I made [OutsideUser] a member of [OutsideRole]
- I executed 'GRANT SELECT ON SCHEMA::[OutsideSchema] TO [OutsideRole]
- I executed 'REVOKE VIEW ANY DATABASE FROM PUBLIC'

I then logged in as [OutsideUser] and was not able to see any databases nor
SELECT from any tables in InsideDB.

However, I was able to SELECT * FROM dbo.vwItems (and all other views) as
well as execute the user stored procedures.

Looking at the various permissions it seems that all logged in users belong
to PUBLIC which gives them SELECT permissions into the views.

There doesn't seem to be a way to delete PUBLIC.  I know that I can go
through each individual view and remove SELECT permissions but what happens
when a new VIEW is added?  Won't this user get access to it automatically
unless I go back and remove the permissions for the new VIEW as well?

I thought it should be easy to create a new user/schema that has absolutely
no permissions for anything to start with.  And then built up only what is
necessary.  Is this possible?

I am very aware that I need more understanding of SQL and the various
permission structures, etc. so if anyone also has a suggestion for a good
book on the subject I wouldn't mind getting a recommendation.

Many thanks

Richard