Sql server Perms?

Hello ,

I went to Databases > Login
Right clicked on the logins and saw this dialog box. See image.
I have a user new – he just needs to run queries within the SQL server. But should I do in this dialog box?
General, server roles, user mapping,  securables etc. – what should I do for this new user  - so that he can’t create or change the DBs but just be able to run  only  update , deletion insertion  queries?
Thank you
perms.png
RayneAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jim HornMicrosoft SQL Server Developer, Architect, and AuthorCommented:
>he just needs to run queries within the SQL server.
I'd flush out exactly what 'run queries' means:  On a subset of tables, SELECT only vs. insert-update-delete, does he need some reporting assistance, ..

Tread carefully here.
0
Scott PletcherSenior DBACommented:
>> But should I do in this dialog box? <<

No, never, not once, not ever.  (I hope that was clear enough :-) ).

Always use a script for assigning permissions.


The 100% structured way to do this is to first create your own user-defined role with all the necessary permissions.  Then assign that user -- and any others that need it -- to that role.  The only disadvantage of this role-based approach is that it doesn't cover dynamic SQL.  Granting permissions directly to the user would allow them to use dynamic SQL on the underlying objects as well.

I'll post sample commands for doing this within a few minutes.
0
Scott PletcherSenior DBACommented:
CREATE ROLE data_reader_writer AUTHORIZATION dbo
CREATE USER user123 WITHOUT LOGIN --for testing; I assume you already have a username to assign permissions to

--using a role
EXEC sp_addrolemember 'db_datareader', data_reader_writer
EXEC sp_addrolemember 'db_datawriter', data_reader_writer
EXEC sp_addrolemember 'data_reader_writer', user123
--granting permissions directly without a role
EXEC sp_addrolemember 'db_datareader', user123
EXEC sp_addrolemember 'db_datawriter', user123

--test this user
EXEC AS USER = 'user123'
SELECT * FROM dbo.dbs
REVERT

DROP USER user123
DROP ROLE data_reader_writer
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RayneAuthor Commented:
thank you Sire (s)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft SQL Server

From novice to tech pro — start learning today.