Create a user and then carefully study what rights that user needs. Then Give the rights accordingly. If you want the user to have Select rights for one DB, Grant the User rights to that DB. (Add the user to the DB) and give db_Datareader. If the user needs right to insert or update or delete on the whole DB, give db_DataWriter rights.