Are you asking for a proscribed way of limiting access? If so, there are many ways to achieve this but my favourite first step is, as Colin quite rightly states, to give the contractor a specific domain login with minimal privileges.

It should then be a simple matter to add that domain login to the specific SQL Server instance and assign server roles (sysadmin etc.) or database specific privileges (db owner, datareader etc.).

This scheme gives you the best chance at a meaningful audit trail and, even better, the domain account can be set up to expire at a predetermined date thus ensuring the access lasts no longer than it should.