Modifying Account Permissions

Last updated:2025-08-27 17:40:17

Modifying Account Permissions

Last updated: 2025-08-27 17:40:17

Scenarios
TencentDB for SQL Server instances support granting, modifying, or revoking operation permissions for different accounts on databases or tables after accounts are created.
The operations to set database/table permissions supported by different types of accounts are as follows.
Account Type
Operation to Set Database Permissions
Operation to Set Table Permissions
Standard account
Supported
Supported
Privileged account
Not supported. Privileged accounts have owner permissions for all databases by default. There is no need to set database permissions separately.
Supported
Admin account
Not supported. Admin accounts have the highest sysadmin management permission and have owner permissions for all databases by default. There is no need to set database permissions separately.
Not supported
Designated account
Supported
Not supported
Prerequisites
﻿Accounts have been created.
Permission Description
Permission Level
Permission
Description
Database permission
Owner
Server-level role:
processadmin
dbcreator
Database-level role:
db_owner
﻿
Read-write
Server-level role:
processadmin
dbcreator
Database-level role:
db_reader
db_writer
﻿
Read-Only
Server-level role:
processadmin
dbcreator
Database-level role:
db_reader
Table permission
INSERT
Insert the data.
﻿
UPDATE
Update the data.
﻿
VIEW DEFINITION
View the definition.
﻿
VIEW CHANGE TRACKING
View change tracking records.
﻿
UNMASK
Remove the mask.
﻿
ALTER
Modify the table structure and attributes.
﻿
TAKE OWNERSHIP
Take over the ownership.
﻿
CONTROL
Full control permission for a table.
﻿
DELETE
Delete the data.
﻿
SELECT
Query the data.
﻿
REFERENCES
Reference permission. A table should be referenced when a foreign key is created.
Database Permission Setting
Setting database permissions for an account means granting database-level permissions to the account.
When you create an account, if the database permissions have already been set for the account, you can modify or revoke these permissions by following the steps below. If no database permissions are set for the account, you can grant database-level permissions after account creation by following the steps below. You can also follow the steps below to modify or revoke permissions after authorization.
1. Log in to the TencentDB for SQL Server console and click Instance ID or Manage in the Operation column of the instance list to enter the instance management page.
2. On the instance management page, select the Account Management page, select the target account, and click Set Database Permission in the Operation column.
﻿
Note:
You can select multiple accounts in the account list and choose Batch Management > Batch Reset Database Permissions above to modify database permissions in batches.
3. In the pop-up dialog box, set permissions as needed and click OK.
Operations that can be performed in the dialog box are as follows:
Selecting the databases to be authorized: The database list on the left displays unselected databases. You can select one or multiple databases to be authorized, or select Unauthorized Database to select all such databases in one click. You can click 
﻿
 to sort the databases by the first letter of database names (in ascending or descending order). After selecting databases to be authorized, you can set permissions in the database list on the right, including read-write, read-only, and owner.
Revoking database authorization: The database list on the right displays authorized databases. If you need to revoke authorization, click the cross sign next to the target database.
Modifying permissions on authorized databases: In the database list on the right, you can modify permissions on authorized databases. For example, change from read-write to read-only or from read-only to owner.
Table Permission Setting
Setting table permissions for an account means granting table-level permissions to the account.
1. Log in to the TencentDB for SQL Server console and click Instance ID or Manage in the Operation column of the instance list to enter the instance management page.
2. On the instance management page, select the Account Management page, select the target account, and choose More > Set Table Permissions in the Operation column.
﻿
Note:
The account type in Step 2 is standard account. If the account type is privileged account, the operation is as follows: Click Set Table Permissions in the Operation column.
3. In the pop-up dialog box, select the table for setting table permissions, set permissions, and click Next.
Operations that can be performed in the dialog box are as follows:
Filtering: In a database, you can enter a table name for quick filtering.
Batch authorization: You can click Batch Authorize to select tables in batches and set permissions for these tables uniformly.
Clearing and exiting batch authorization: After clicking Batch Authorize, you can perform this operation to clear selected tables and set permissions in one click and return to the initial permission settings page before confirming the current permission settings.
Reset: You can click Reset to reset table permissions. After the reset, you can perform permission settings again as needed.
Permission settings: Multiple operations can be performed on tables, such as INSERT and DELETE. You can set permissions for each operation (including granting, granting and allowing further granting, or denying).
Modifying or revoking permissions: To modify or revoke set permissions for a table, you can locate the target table and then reselect permissions during permission settings or deselect the set permissions.
4. After setting the permissions, enter SQL Preview to preview all table permissions granted to the current account this time. If modifications are needed, click Previous to make modifications. To revoke this authorization, click Revoke.
5. After confirming that everything is correct, click Confirm to complete the current settings.
Related APIs
API
Description
﻿ModifyAccountPrivilege﻿
This API is used to modify instance account permissions.

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

Feedback

Account Type	Operation to Set Database Permissions	Operation to Set Table Permissions
Standard account	Supported	Supported
Privileged account	Not supported. Privileged accounts have owner permissions for all databases by default. There is no need to set database permissions separately.	Supported
Admin account	Not supported. Admin accounts have the highest sysadmin management permission and have owner permissions for all databases by default. There is no need to set database permissions separately.	Not supported
Designated account	Supported	Not supported

Permission Level	Permission	Description
Database permission	Owner	Server-level role: processadmin dbcreator Database-level role: db_owner
		Read-write	Server-level role: processadmin dbcreator Database-level role: db_reader db_writer
		Read-Only	Server-level role: processadmin dbcreator Database-level role: db_reader
Table permission	INSERT	Insert the data.
		UPDATE	Update the data.
		VIEW DEFINITION	View the definition.
		VIEW CHANGE TRACKING	View change tracking records.
		UNMASK	Remove the mask.
		ALTER	Modify the table structure and attributes.
		TAKE OWNERSHIP	Take over the ownership.
		CONTROL	Full control permission for a table.
		DELETE	Delete the data.
		SELECT	Query the data.
		REFERENCES	Reference permission. A table should be referenced when a foreign key is created.

API	Description
ModifyAccountPrivilege	This API is used to modify instance account permissions.

tencent cloud

Scenarios

Prerequisites

Permission Description

Database Permission Setting

Table Permission Setting

Related APIs