Share via

SQL read only user for specific tables

Federico Coppola 1,181 Reputation points
2021-10-18T05:33:28.68+00:00

Hi all,
I am not a Microsoft SQL expert, but I need to solve this trouble.

I must configure a MS SQL access as read only user.
I understood that I must set "db_datareader* permission for this new read only user (guide: https://www.itsupportguides.com/knowledge-base/server-side-tips/sql-management-studio-how-to-create-read-only-users/)

After that I would limit read only user database view.
I would that this limited user can only see specific tables inside specific database (databases).
Is it possible?
How can I do it?

Thanks
Best regards

SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
14,494 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ronen Ariely 15,201 Reputation points
    2021-10-18T05:37:57.013+00:00

    Good day and welcome to the QnA forums :-)

    I would that this limited user can only see specific tables inside specific database (databases).

    In this case you do not need to give permission in the database level but only GRANT SELECT on the specific tables

    For example: 

    GRANT SELECT ON OBJECT::Person.Address TO RosaQdM;    
GO

    You can get more information in the following document

    https://learn.microsoft.com/en-us/sql/t-sql/statements/grant-object-permissions-transact-sql?view=sql-server-ver15

    Note! "create read only users" ! You create a user and a user has no permission. If you did not give the user any permission then he cannot do anything. You grant permissions to SELECT in order to "read" and again, if you did not give him other permission then he can only read

    2 people found this answer helpful.
    0 comments
  2. CathyJi-MSFT 22,381 Reputation points Microsoft External Staff
    2021-10-18T07:42:10.133+00:00

    Hi @Federico Coppola ,

    Agree with pituach. I did a test in my environment.

    The important thing is to not give the user 'db_datareader' access to the whole database. Using the UI you can use the User Mapping tab under the login, you can create the user with 'public' access only. Then you can go to the database and grant that user SELECT access to the particular table.

    Run below T-SQL to limit access to only one table (tableA). 

    use test  
  
GRANT SELECT ON [dbo].[tableA] to [Cathy2]  
Go

    141210-screenshot-2021-10-18-155255.jpg141265-screenshot-2021-10-18-155239.jpg

    141180-screenshot-2021-10-18-152208.jpg141259-screenshot-2021-10-18-152230.jpg

    This is an old similar thread SQL Server : can you limit access to only one table. Hope it could help you.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.