To prevent the formal environment database from being tampered with, but also to ensure that the normal query processing problems, you can set the database access permissions to the account db_datareader
Database permissions: A separate set of priority, such as given an account read-only permission, if you do not open a table to write permissions to this account, then the individual set of write permissions to the highest priority.
Note: db_datareader does not have stored procedure access, if you want to open, as follows:
GRANT EXEC to Datareadergrant ALTER to DataReader
Fixed database role
db_owner database owner
Db_accessadmin Database access Administrator
Db_securityadmin Database Security Administrator
db_ddladmin Database DDL Administrator
Db_backupoperator Database backup operator
db_datareader Database Data reader
Db_datawriter Database Data Writer
Db_denydatareader database rejects data reader
Db_denydatawriter database rejects data writer
Fixed server role Description
The sysadmin makes any activity in SQL Server. The permissions for this role span all other fixed server roles.
ServerAdmin Configure server-wide settings to shut down the server.
Setupadmin add and remove linked servers and perform some system stored procedures (such as sp_serveroption).
Securityadmin Management Server logins and CREATE DATABASE permissions, you can also read the error log and change the password:
Processadmin manages the processes running in an instance of SQL Server.
DBCreator create, Alter, and drop databases.
Diskadmin Manage disk files.
Bulkadmin executes the BULK INSERT statement.
Permissions for fixed database roles
Read-only account Settings-db_datareader