Minimum rights required.


Joy Smith San
Dear All,

I want a particular login to have the following rights.

1. Create/Alter Tables.
2. Read/Write into All the tables.
3. Create/Alter Procedures, functions, Triggers etc.
4. Execute all the Procedures, functions, Triggers etc.

What rights do I need to give for that user? Please advise.

Thanks.

Steve-3_5_7_9
Into "all" tables. Does this include the system tables?

I would do this with two logins.

One login would have DDLAdmin, datareader, datawriter and this login would exist only in DEV.

For the 2nd login, I would create a role and assign the appropriate permissions. This login would be used by the application or users.

Select on user tables
Execute on sprocs and functions

I would control the access to all of the user tables via the sprocs. I probably would NOT grant "datawriter" to this role because permissions should always be granted minimally and the user/application probably doesn't need to "write" to all tables.

Now if you're just looking for the easy way, the answer is:
DDLAdmin
Datareader
datawriter
Depending on the schema the sproc is created with, you'll probably need to grant "exec" on the sprocs and functions

DBOwner will take care of the execute as well but again I wouldn't recommend this.



dbychen
You can implement these with SQL code in SQL Server 2005 and newer versions. T-SQL code is better than the traditional server/database roles, because user needs can be granted more precisely. Here is a short list that should be applicable:

GRANT CREATE TABLE TO Mary, [DOMAIN\JSimith];
GRANT SELECT, INSERT, UPDATE, DELETE ON <Table_Name> TO Mary, [DOMAIN\JSimith];
GRANT CREATE PROCEDURE, CREATE FUNCTION TO Mary, [DOMAIN\JSimith];
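-- ALTER PROCEDURE / ALTER FUNCTION are not grantable permissions; ALTER is granted on the object or on its schema
GRANT ALTER ON SCHEMA::<Schema_Name> TO Mary, [DOMAIN\JSimith];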
GRANT EXECUTE ON usp_<NAME> TO Mary, [DOMAIN\JSimith];



Steve Jones
Don't grant rights to users. Use roles. You can create your own with these rights, using the commands above, and then assign users to roles. I'd do two roles. One for read/write/execute and one for changing objects.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
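
Added example, not part of any post in this thread: a T-SQL sketch of the two-role layout suggested above, one role for read/write/execute and one for changing objects, with users added to roles instead of being granted rights directly. The database name AppDb, the dbo schema, both role names and the user Mary's login are assumptions.

```sql
-- Assumed names (not from the thread): database AppDb, schema dbo,
-- roles app_readwrite_exec and app_object_dev, login/user Mary.
USE AppDb;
GO

CREATE ROLE app_readwrite_exec;   -- read/write data, run procedures and functions
CREATE ROLE app_object_dev;       -- create and alter objects
GO

-- Role 1: schema-scoped grants cover current and future objects in dbo,
-- so no per-table or per-procedure GRANT is needed.
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE
    ON SCHEMA::dbo TO app_readwrite_exec;

-- Role 2: CREATE permissions are database-level, but creating an object also
-- requires ALTER on the schema it goes into. ALTER on the schema is also what
-- allows altering existing tables/procedures/functions and creating triggers.
GRANT CREATE TABLE, CREATE PROCEDURE, CREATE FUNCTION TO app_object_dev;
GRANT ALTER ON SCHEMA::dbo TO app_object_dev;
GO

-- Map the login to a database user and assign it to the roles.
-- ALTER ROLE ... ADD MEMBER needs SQL Server 2012 or later; on 2005/2008 use
-- EXEC sp_addrolemember 'app_readwrite_exec', 'Mary'; instead.
CREATE USER Mary FOR LOGIN Mary;
ALTER ROLE app_readwrite_exec ADD MEMBER Mary;
ALTER ROLE app_object_dev     ADD MEMBER Mary;
GO

-- Review what each role actually holds.
SELECT pr.name AS role_name,
       pe.state_desc,
       pe.permission_name,
       pe.class_desc,
       CASE pe.class_desc
            WHEN 'SCHEMA' THEN SCHEMA_NAME(pe.major_id)
            ELSE DB_NAME()
       END AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
     ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name IN (N'app_readwrite_exec', N'app_object_dev')
ORDER BY pr.name, pe.permission_name;
```

Members of app_object_dev can create procedures in dbo that ownership-chain to every other dbo-owned object, so that role's membership deserves the tighter control of the two.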