I've not heard of this before? What's the specific situation it is supposed to protect against?
GRANT is a little unusual in that it doesn't generate an error if you grant the same permission twice. If you try to add a user to role twice, you get an error.
The problem described is revoking it from a user before granting to the same user. If it's a different user then it's just revoking from one user and granting to a different user.
Thankyou both. I don't think this would change anything but... It was actually involving a schema and a Database Role. And yes the same Role in both the Revoke and the Grant
REVOKE EXECUTE ON SCHEMA::[schema1] TO [DBRole1];
GRANT EXECUTE ON SCHEMA::[schema1] TO [DBRole1];
The rational provided to me was: A Revoke/Grant is more explicit than a Grant only.
different shops have their own "culture" of doing things. to me I have never ran into this type of approach. it is just DB Admin's way of doing things. nothing technically wrong with it, just the DB Admin way.
Not "DBA", "Senior Database Developer" said. Hopefully a DBA wouldn't do that; he/she would at least check for existence before issuing a REVOKE. (Yes, I am a "Senior DBA".)
It checks that both the Schema and Role exist first. I didn't post that as I didn't want to clutter the post. I was focused on the Revoke/Grant vs Grant only