To modify database permissions in SQL Server, you can use the GRANT, DENY, or REVOKE statements to manage access rights for users or roles. These commands control what actions users can perform on database objects like tables, views, stored procedures, etc.
GRANT: Gives a user or role specific permissions.
GRANT SELECT, INSERT ON dbo.Employees TO 'JohnDoe';
This allows user JohnDoe to read and insert data into the Employees table.
DENY: Explicitly denies a permission (overrides GRANT if both exist).
DENY DELETE ON dbo.Employees TO 'JaneSmith';
This prevents JaneSmith from deleting records in the Employees table.
REVOKE: Removes a previously granted or denied permission.
REVOKE UPDATE ON dbo.Employees FROM 'JohnDoe';
This removes the UPDATE permission from JohnDoe.
If you want to allow a developer role to query but not modify a Products table:
GRANT SELECT ON dbo.Products TO 'DeveloperRole';
DENY INSERT, UPDATE, DELETE ON dbo.Products TO 'DeveloperRole';
Create a database role, assign permissions to it, and then add users to the role:
-- Create a role
CREATE ROLE ReportReaders;
-- Grant permissions to the role
GRANT SELECT ON dbo.Sales TO ReportReaders;
-- Add users to the role
ALTER ROLE ReportReaders ADD MEMBER 'User1';
ALTER ROLE ReportReaders ADD MEMBER 'User2';
If you're using a cloud-hosted SQL Server (like Tencent Cloud's SQL Server Managed Service), the same SQL commands apply. Additionally, Tencent Cloud provides Database Security Groups (DSG) and Access Management (CAM) to control network-level and user-level access. For example:
Tencent Cloud's SQL Server Managed Service also supports automated backups, patching, and scalability, simplifying permission management while ensuring security.