June 27, 2011 at 12:30 am
hi..
i want to create a different user with different permissions..
i have one database..named School Database..
now what i want is i want the principle with different
login name and password and the staff with different login name
and password..
and the main thing the principle should have the rights to
create delete and edit permission and the staff should have
only the read permission ...
I'm using Sql server 2008
help me....
June 27, 2011 at 12:46 am
CREATE LOGIN [Domain\Username] FROM WINDOWS WITH DEFAULT_DATABASE=[SomeDB], DEFAULT_LANGUAGE=[us_english]
GO
USE [SomeDB]
GO
CREATE USER [SomeUSer] FOR LOGIN [Domain\Username] WITH DEFAULT_SCHEMA=[dbo]
GO
GRANT SELECT ON [OBJECT] TO SOMEUSER
GRANT UPDATE ON [OBJECT] TO SOMEUSER
Perform the above steps then repeat the same for the next principal and user with only grant select permissions.
June 27, 2011 at 12:54 am
thanks for the reply ..
in domain what we should write..
and for edit permission what we should write..
June 27, 2011 at 1:31 am
Grant update = edit permission , if you need to add new rows use grant insert
domain is the network name , say for example your company is amazon and your email id is a.b@amazon.com
then your windows nt login id would probably be something like
Amazon\a.b
where Amazon = Domain
June 27, 2011 at 3:03 am
Follow the below steps, if you need to create SQL Logins instead of windows
-- Creating Login For Principal
Create Login [PrincipalLoginName] With Password = 'GiveYourPasswordHere', default_database = [GiveYourDBNameHere], Check_policy = OFF;
-- Creating Login For Staff
Create Login [StaffLoginName] With Password = 'GiveYourPasswordHere', default_database = [GiveYourDBNameHere], Check_policy = OFF;
-- Creating User for Principle
Create User [PrincipalUserName] For Login [PrincipalLoginName] with Default_Schema = [dbo]
-- Creating User for Staff
Create User [StaffUserName] For Login [StaffLoginName] with Default_Schema = [dbo]
-- Granting the edit access for principal login
use [GiveyourDBNameHere]
Exec sp_addrolemember db_datawriter, PrincipalUserName
-- Granting the read access for staff login
use [GiveyourDBNameHere]
Exec sp_addrolemember db_datareader, StaffUserName
Hope the above script will help you to create logins in SQL but you should always consider creating windows login for security purpose.
If at all you are creating the SQL login then you should consider check_policy ON which will enforce more security. Refer the link .
---------------------------------------------------
Thanks,
Satheesh.
June 27, 2011 at 4:04 am
Hi thanks for the reply
it is working good for only StaffLoginName and operations are working good
but it is not working for PrincipalLoginName when login and expand the
database and select one table to edit or select top 1000 rows ..
error is occurred displaying u dont have permission to select top 1000 rows..
what to do
?
June 27, 2011 at 4:11 am
We didn't add the db_datareader role which will permit the user to perform select operation on the user table. Execute the below statment to provide the same.
Exec sp_addrolemember db_datareader, PrincipalUserName
---------------------------------------------------
Thanks,
Satheesh.
June 27, 2011 at 4:53 am
I recommend creating two database roles viz. Principal and Staff.
Instead of directly granting the permissions to Users.
June 27, 2011 at 6:24 am
Thank u .. i got it...
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply