tencent cloud

Account Permissions and Permission Control
Download PDF
Last updated: 2025-10-15 19:47:48
Account Permissions and Permission Control
Last updated: 2025-10-15 19:47:48
Download PDF
The permissions for TencentDB for SQL Server are mainly divided into 3 types: standard permission accounts, privileged permission accounts, and designated accounts. Each type of permission serves different functional purposes. This document will introduce the practices for account permissions and permission control.

Permission Category and Description

Standard permission account: It can grant read or write-related permissions for a single business database based on business needs.
Privileged permission account: It can grant the dbowner permission for ALL business databases, and an instance can only create one privileged permission account.
Designated account: It can grant permissions for special operations, such as viewing errorlog and specifying which databases it is allowed to access.

Creating Accounts with Different Permissions

1. Log in to the TencentDB for SQL Server console and find the target instance.
2. On the instance management page, select Account Management > Create Account, enter relevant information in the pop-up dialog box, and then click OK after confirmation.
Note:
For detailed operation steps and descriptions, see Create Account.

Permission Control

Currently, the TencentDB for SQL Server console provides permission control at the table level. If there is a need for more fine-grained permission control, you can connect to the instance using a privileged permission account through SSMS to perform the operations.

Step 1: Creating a Privileged Permission Account

For detailed steps, see Create Account.

Step 2: Connecting to the SQL Server Instance Through SSMS

After connecting to the SQL Server instance through SSMS, you can perform fine-grained permission control. For detailed steps on connecting to the instance, see Connecting to TencentDB for SQL Server Instance from Local System. Note that you need to use the created privileged permission account and password to log in to SSMS.


Step 3: Authorizing Through Commands

Note:
When the following command is used, replace the variables with actual field information:
<Table name>: Replace <table name> with the actual name.
<Account name>: Replace <account name> with the actual name.
<Permission>: Replace <permission> with the actual SQL.

Example: Granting Permission to a Single Table

GRANT SELECT ON <table name> TO <account name>;
--
GRANT UPDATE ON <table name> TO <account name>;
--
GRANT INSERT ON <table name> TO <account name>;
--
GRANT DELETE ON <table name> TO <account name>;
It indicates granting <account name> the permission to perform query, update, insertion, or deletion operations in <table name>.

Example: Granting Permissions to Specific Fields of a Table

GRANT SELECT(col1,col2,col3) ON <table name> TO <account name>;
It indicates granting <account name> the permission to perform query operations on some columns (col1, col2, and col3) of <table name>.

Example: Granting Permissions to Execute Stored Procedures or Create a View

GRANT EXEC TO <account name>;
--
GRANT CREATE VIEW TO <account name>;
The first line of command indicates granting <account name> the permission to execute stored procedures.
The second line of command indicates granting <account name> the permission to create a view in the current database.

Example: Revoking Granted Fine-Grained Permissions

REVOKE <permission> TO <account name>;
--
For example, REVOKE CREATE VIEW TO <account name>;
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback