How to give an AD group admin access on a schema

Priya Jha 866 Reputation points
2021-09-28T11:18:59.647+00:00

How to give an AD group admin access on a schema so that users of that group should be able to create objects only in that schema

Azure SQL Database
Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,367 questions
SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
12,708 questions
Transact-SQL
Transact-SQL
A Microsoft extension to the ANSI SQL language that includes procedural programming, local variables, and various support functions.
4,552 questions
0 comments
Accepted answer
  1. Nandan Hegde 29,886 Reputation points MVP
    2021-09-29T05:12:57.353+00:00

    Hey,
    You need to execute the below set of command:
    GRANT create table TO [login];
    GRANT create view TO [login];
    GRANT create Procedure TO [login];

    GRANT alter 
    ON SCHEMA::[schema] TO [login];

GRANT SELECT
    ON SCHEMA::[schema] TO [login];

GRANT INSERT
    ON SCHEMA::[schema] TO [login];

GRANT UPDATE
    ON SCHEMA::[schema] TO [login];

GRANT DELETE
    ON SCHEMA::[schema] TO [login];

GRANT EXECUTE
    ON SCHEMA::[schema] TO [login];

    Note :The CREATE TABLE is granted at the DB level and you grant the ALTER at the schema level. The combination of the 2 permissions will allow a user to actually create a table in the schema.

    Also make sure :
    Alter AUTHORIZATION ON SCHEMA::<<schemaname>> TO <<login>>;
    so that dbo is not the default authorization

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Erland Sommarskog 101K Reputation points MVP
    2021-09-28T21:33:10.957+00:00 
    GRANT ALTER ON SCHEMA::ThatSchema TO [DOMAIN\Grp]
GRANT CREATE TABLE TO [DOMAIN\Grp]
GRANT CREATE PROCEDURE TO [DOMAIN\Grp]
-- etc

    You need one GRANT CREATE per object type. This permission is on database level, but they also need to have ALTER permission on the schema.

    0 comments
  2. Seeya Xi-MSFT 16,436 Reputation points
    2021-09-29T07:58:28.037+00:00

    Hi @Priya Jha ,

    Agree with them.
    You need one GRANT CREATE per object type or you can authorize together.
    For a simple example:
    GRANT SELECT, INSERT, UPDATE ON SCHEMA::[schema] TO [login];

    Best regards,
    Seeya

    If the response is helpful, please click "Accept Answer" and upvote it, as this could help other community members looking for similar queries.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments