4,707 questions
There are already pre-defined database security roles for this:
SELECT: db_datareader
INSERT/UPDATE/DELETE: db_datawriter
CREATE/ALTER/DROP: db_ddladmin
Permission to grant SELECT, UPDATE, DELETE, ALTER on all tables
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 61%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENW%3C/text%3E%3C/svg%3E)
nam wam
1
Reputation point
In SQL Server 2019, I have created a user defined database role MyDbRole. Now I want to grant following permissions to 'MyDbRole' for all tables in the database. Question: What minimal permission I need to achieve this task. If I were to ask a DBA to give me a permission so I can grant following to 'MyDbRole', what permission should I ask a dba for. I'm guessing, it has something to do with WITH GRANT OPTION, but I am not quite sure as to exactly what permission I need?
CREATE, SELECT, UPDATE, DELETE, ALTER
Developer technologies | Transact-SQL
SQL Server | Other
14,503 questions
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 2%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESX%3C/text%3E%3C/svg%3E)
Seeya Xi-MSFT 16,586 Reputation points2022-09-14T06:33:52.497+00:00 Hi @nam wam ,
We have not received a response from you. Did the reply could help you? If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. By doing so, it will benefit all community members who are having this similar issue. Your contribution is highly appreciated.
Best regards,
Seeya -
Seeya Xi-MSFT 16,586 Reputation points
2022-09-29T01:36:44.5+00:00 Hi @nam wam ,
In order to benefit all community members who are having this similar issue, please choose an answer to accept or vote for the answer you think is useful to you. Your contribution is highly appreciated.
Best regards,
Seeya
Sign in to comment
2 answers
Sort by: Most helpful
-
Olaf Helper 47,516 Reputation points2022-09-13T05:05:22.787+00:00 -
Nandan Hegde 36,156 Reputation points MVP Volunteer Moderator2022-09-13T06:46:09.497+00:00 Hey @Olaf Helper wouldnt that provide access on even views?
The ask here is just tables. So is it possible to restrict it to just tables -
Olaf Helper 47,516 Reputation points
2022-09-13T07:20:59.617+00:00 The ask here is just table
Can't imagine, what that could be good for.
In common it is the other way round, granting access to data only via views to e.g. hide some information / row-level-security and so on.Then create a customer database role and grant access for each table.
-
Erland Sommarskog 121.9K Reputation points MVP Volunteer Moderator2022-09-13T21:35:30.377+00:00 db_ddladmin may be too much. But if you use this role, you also need_:
DENY ALTER ANY DATABASE DDL TRIGGER to MyDbRoleExactly what objects developers should be able to main depends on the local circumstances, but a developer should never be permitted to create or drop DDL triggers.
Sign in to comment -
-
Seeya Xi-MSFT 16,586 Reputation points
2022-09-13T06:35:42.26+00:00 Hi @nam wam ,
I have created a user defined database role MyDbRole.
Did you create your own flexible role here?
Note: Do not add flexible database roles as members of fixed roles, as this can lead to unexpected privilege escalation.I've put the steps you might need below.
*-- 1. Create a login user (execute under the master database)
USE master
GO
CREATE LOGIN TestLogin WITH password='abc123456...';-- 2. Create a database read-only user (execute under a user database) USE Test1 GO CREATE USER TestUser FROM LOGIN TestLogin; -- 3. Add users to database roles, such as owner role db_owner, read-only role db_datareader, etc. (executed under a user database) USE Test1 GO EXEC sp_addrolemember 'db_ddladmin', 'TestUser'; EXEC sp_addrolemember 'db_datareader', 'TestUser';*In addition, if you don't want to use the method of adding fixed roles, you can also use the GRANT method. Such as GRANT privileges ON object TO user. Here is a related article on Method 2: https://www.techonthenet.com/sql_server/grant_revoke.php
Hope these would give you some help.
Best regards,
Seeya
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.