alex
Reputation: 71
SQL Server user permission on different schema
I have an SQL Azure database and there are already thousands of objects under the DBO schema.
I want to create a new user with specific access requirements
the requirement is below.
- User can only see a few of the objects under the dbo schema
- User can make an update/select/alter/execute..etc. any type of modifications, including adding or removing columns from the objects they are allowed to see.
- User can add new objects under the dbo schema.
- User should not see the objects(which they are not allowed to see) under the dbo schema in the SSMS browser.
Can you help me to setup the user with specification above?
Upvotes: 0
Views: 2124
Answers (1)
Joseph Xu
Reputation: 6043
As Dan Guzman said this would be possible without #3. Beacuse "Create table" is only a database level permission, cannot be assigned at the schema level.
A user can be defined as the schema owner. If the user has "Create Table" permissions at the database level and is a schema owner, all tables will be created in the schema he/she owns.
- Create login and user in Azure SQL:
use master;
CREATE login user1 with password='SafePassword'
use userDb;
CREATE USER user1 FOR LOGIN user1;
GO
- We can use following query to generate grant T-SQL script. Select the tables you want to grant to the user.
SELECT 'GRANT SELECT,INSERT,DELETE,UPDATE ON "' + TABLE_SCHEMA + '"."' + TABLE_NAME + '" TO "user1"' FROM information_schema.tables
Upvotes: 1
Related Questions
- Exclusive User ownership on sql server tables
- Access control permissions on Azure SQL database schema
- SQL Azure cross DB Query Privileges
- Set RESTRICTED_USER on Azure SQL database
- SQL Server: How to permission schemas?
- How to grant permission to a user in Azure SQL Server
- Multiple Schema Permissions In SQL Server 2008 R2
- Schema Permissions in SQL Server 2008 R2
- Sql Server 2008 schema separation and permissions
- GRANTing permissions across different databases (schemas)