August 20, 2010 at 9:00 am
Hi,
I need to give below permissions on a db to a user, please let me know what db roles needs to be assinged for user.
Select permission
Insert update delete permission
backup and restore
execute stored procedure
August 20, 2010 at 9:25 am
something like this, maybe?:
CREATE ROLE [MyNewRole]
--Select permission (assuming every object, not specific tables)
ALTER AUTHORIZATION ON SCHEMA::[db_datareader] TO [MyNewRole]
--Insert update delete permission (assuming every object, not specific tables)
ALTER AUTHORIZATION ON SCHEMA::[db_datawriter] TO [MyNewRole]
--backup and restore
ALTER AUTHORIZATION ON SCHEMA::[db_backupoperator] TO [MyNewRole]
--execute stored procedure (assuming every proc/view/function, not specific objects)
GRANT EXECUTE TO [MyNewRole]
--assign a user to the role containing the correct permissions.
EXEC sp_addrolemember N'MyNewRole', N'bob'
Lowell
August 20, 2010 at 9:34 am
Thank you very much.
2 more questions on sql security
1. Can we create a SQL login with out creating a windows user?
2. Can we create a DB user with out having a SQL Login?
August 20, 2010 at 9:42 am
laddu4700 (8/20/2010)
Thank you very much.2 more questions on sql security
1. Can we create a SQL login with out creating a windows user?
yes, of course. sql supports two kinds of loings, windows logins and sl logins.
stating the obvious, the user 'sa' is a sql login, having no windows account.
sql logins require the server to be set to mixed authentication mode, instead of the default of Windows only.
2. Can we create a DB user with out having a SQL Login?
yes. technically a user is tied to a specific database, where a login allows the user to connect.
the linking of a login to a username for a specific database gives them access to that database.
without a login, only commands using EXECUTE AS would be able to use the login-less user.
--instead of
--CREATE USER [bob] FOR LOGIN [bob]
CREATE USER [bob]
--or more understandibly:
CREATE USER [bob] WITHOUT LOGIN
Lowell
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply