Technology Encyclopedia Home >How to modify account permissions in SQL Server?

How to modify account permissions in SQL Server?

Created on 2025-05-23 10:03:10
118

In SQL Server, modifying account permissions involves granting, denying, or revoking specific rights to database users or roles. This is done using T-SQL commands or the SQL Server Management Studio (SSMS) graphical interface.

Key Concepts:

  1. Principals: These are entities that can request SQL Server resources, such as logins, users, and roles.
  2. Securables: These are the resources to which permissions are granted, such as databases, tables, or stored procedures.
  3. Permissions: These define what actions a principal can perform on a securable (e.g., SELECT, INSERT, EXECUTE).

Common T-SQL Commands:

  • GRANT: Gives a permission to a principal.
    GRANT SELECT ON dbo.Employees TO 'User1';
  • DENY: Explicitly denies a permission (overrides GRANT if both exist).
    DENY INSERT ON dbo.Employees TO 'User1';
  • REVOKE: Removes a previously granted or denied permission.
    REVOKE SELECT ON dbo.Employees FROM 'User1';

Example Scenario:

To allow a user (User1) to read data from the Employees table but prevent them from modifying it:

-- Grant SELECT permission
GRANT SELECT ON dbo.Employees TO 'User1';

-- Deny INSERT and UPDATE permissions
DENY INSERT, UPDATE ON dbo.Employees TO 'User1';

Using Roles for Easier Management:

Instead of assigning permissions directly to users, you can create a database role, assign permissions to the role, and then add users to the role:

-- Create a role
CREATE ROLE ReadOnlyEmployees;

-- Grant SELECT permission to the role
GRANT SELECT ON dbo.Employees TO ReadOnlyEmployees;

-- Add a user to the role
ALTER ROLE ReadOnlyEmployees ADD MEMBER 'User1';

Using SQL Server Management Studio (SSMS):

  1. Connect to your SQL Server instance.
  2. Navigate to the database and expand the "Security" node.
  3. Right-click on a user or role and select "Properties."
  4. In the "Securables" tab, configure permissions for specific objects.

Cloud Considerations:

If your SQL Server is hosted in the cloud (e.g., on Tencent Cloud Database for SQL Server), ensure you have proper network and security group configurations to allow access while maintaining security. Use Tencent Cloud's Identity and Access Management (CAM) to manage permissions at the account level, and combine it with SQL Server's internal permission system for granular control. Regularly audit permissions using Tencent Cloud's monitoring and logging services to ensure compliance.