crud are useless if sql has been denied permissions from back-end

?????

i mean i worked on a sql server spx generator and connected with it using cf but it seems the drivers are not capable if the permissions are dnied in the sql server even i login with windows Auth

Surely, that just makes sense doesn't it? If you're using an account that only has permission to READ, then you can't expect to use that account and WRITE. Authentication isn't about permissions. Authentication is "just" does this username exist and does the password match. (you might use tokens or keys - but they're just more secure replacements for a password.) So using "Windows" authentication as opposed to a DB user / password - isn't a difference to care about Authorisation is different. In a corporate ID tree (MS Active Directory / etc.) what you can or can't do on the network, with network resources, is normally controlled by groups - because it just makes network administration easier to manage. If the user you're using in the Lucee DataSource needs permission "X" in the database for the application to work correctly, speak with the network / DB administrators, explain what you need and get an appropriate account created or an existing one edited, to suit the requirements of the application.