Solved

Sql server Perms?

Posted on 2014-12-02
4
384 Views
Last Modified: 2014-12-02
Hello ,

I went to Databases > Login
Right clicked on the logins and saw this dialog box. See image.
I have a user new – he just needs to run queries within the SQL server. But should I do in this dialog box?
General, server roles, user mapping,  securables etc. – what should I do for this new user  - so that he can’t create or change the DBs but just be able to run  only  update , deletion insertion  queries?
Thank you
perms.png
0
Comment
Question by:Rayne
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 65

Assisted Solution

by:Jim Horn
Jim Horn earned 100 total points
ID: 40477086
>he just needs to run queries within the SQL server.
I'd flush out exactly what 'run queries' means:  On a subset of tables, SELECT only vs. insert-update-delete, does he need some reporting assistance, ..

Tread carefully here.
0
 
LVL 69

Assisted Solution

by:Scott Pletcher
Scott Pletcher earned 400 total points
ID: 40477103
>> But should I do in this dialog box? <<

No, never, not once, not ever.  (I hope that was clear enough :-) ).

Always use a script for assigning permissions.


The 100% structured way to do this is to first create your own user-defined role with all the necessary permissions.  Then assign that user -- and any others that need it -- to that role.  The only disadvantage of this role-based approach is that it doesn't cover dynamic SQL.  Granting permissions directly to the user would allow them to use dynamic SQL on the underlying objects as well.

I'll post sample commands for doing this within a few minutes.
0
 
LVL 69

Accepted Solution

by:
Scott Pletcher earned 400 total points
ID: 40477115
CREATE ROLE data_reader_writer AUTHORIZATION dbo
CREATE USER user123 WITHOUT LOGIN --for testing; I assume you already have a username to assign permissions to

--using a role
EXEC sp_addrolemember 'db_datareader', data_reader_writer
EXEC sp_addrolemember 'db_datawriter', data_reader_writer
EXEC sp_addrolemember 'data_reader_writer', user123
--granting permissions directly without a role
EXEC sp_addrolemember 'db_datareader', user123
EXEC sp_addrolemember 'db_datawriter', user123

--test this user
EXEC AS USER = 'user123'
SELECT * FROM dbo.dbs
REVERT

DROP USER user123
DROP ROLE data_reader_writer
0
 

Author Closing Comment

by:Rayne
ID: 40477431
thank you Sire (s)
0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
This article describes a serious pitfall that can happen when deleting shapes using VBA.
The viewer will learn how to create two correlated normally distributed random variables in Excel, use a normal distribution to simulate the return on different levels of investment in each of the two funds over a period of ten years, and, create a …
Viewers will learn how to use the SELECT statement in SQL to return specific rows and columns, with various degrees of sorting and limits in place.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question