I have 2 database users called SQLUser1 and SQLUser2. How can I grant INSERT permission to SQLUser2 at database level using SQLUser1?
After reading about database membership roles, I think I can achieve the solution by playing with memberships of SQLUser1. Can it be solved by giving db_securityadmin and db_accessadmin to SQLUser1?How can I control permissions of one user by another user in database level?
Any help appreciated.
Thanks,
Deeps
You must grant all/specific privilege to SQLUser1 with grant option as sa (sys admin or other higher privileged user). Then SQLUser1 will become eligible to grant privilege to SQLUser2 as outlined below
GRANT ALL TO SQLUser1 WITH GRANT OPTION
You need not to assign ALL privilege to SQLUser1. Even SQLUser1 can have only INSERT permission but WITH GRANT OPTION make him eligible to grant the same permission to other user.
Then as SQLUser1 grant specific privilege to SQLUser2
GRANT INSERT TO SQLUser2
You can do the above mentioned steps using GUI (SSMS) as well.
For more information on GRANT see HERE
you need to use a user which is db_owner.
Select the user2 and click Properties, then user mappings... using SQL Server Management Studio.
Related
I am granting permission on some objects to my user in a database, Is there any way to grant permission to user without using database role?
I can easily do it by creating database role, but I do not want to use role.
I assigned some objects to my user by Database User, in Securables tab, it didn't work!
create user [user_test] for login [login_test]
create role role_test authorization user_test
exec sp_addrolemember 'role_test', 'user_test'
grant select on object::dbUser.tbl_05 to role_test
I expected I could grant permission to my user and not to use Database Role.
You have (at least) 2 options here, you can assign the permission straight to your DB user (as mentioned in the comment) or you can grant permission on a certificate, which might give you better control in a production environment.
I am currently limiting permissions of some database users.
The issue is this, Once I remove db_owner permission from some users,they no longer have access to execute stored procedures.
How do you grant permission to a database user to be able to execute stored procedure without making the user a db_owner ?
Assuming you are using SQL Server, you can just grant the EXECUTE permission to this user as:
GRANT EXECUTE ON YourProc TO User;
Btw, db_owner is a database ROLE in SQL Server, not a permission.
For more information visit GRANT Object Permissions
I want to grant permission to particular user for system tables,system logging and system view.
I've read in this answer that granting syslog access would help, but that did not work for me on view svv_table_info.
what did work for me was simple grant select, but only when I've added the system schema name too.
grant select on pg_catalog.svv_table_info to user;
We are using DB project to track Db changes and a standard XML file to publish the changes locally, to test server, Production etc. At the moment we are just copy pasting code like below to Grant permissions to new tables we create.
GRANT SELECT
ON [dbo].[OrganisationSite] TO [Company_FullAccess]
AS [dbo];
GO
GRANT UPDATE
ON [dbo].[OrganisationSite] TO [Company_FullAccess]
AS [dbo];
GO
GRANT INSERT
ON [dbo].[OrganisationSite] TO [Company_FullAccess]
AS [dbo];
GO
GRANT DELETE
ON [dbo].[OrganisationSite] TO [Company_FullAccess]
AS [dbo];
GO
This is prone to error as we could forget to grant a specific permission.
Is there any way to create a SQL query, to view the permissions granted for each table in the database? So we can check to see what permissions have been granted.
Also, any advice on making this more robust would be appreciated.
The best idea in this case is to use ROLE, and add members as needed.
From the documentation:
Roles are database-level securables. After you create a role, configure the database-level permissions of the role by using GRANT, DENY, and REVOKE
That will make it easy after you create ROLES as needed, you can just add members on it, no need to check every member permissions.
Can you lock/disable a user on HSQL?
I'd like to setup a user account before it's needed. Then when needed I'd unlock it so it can be used.
You cannot disable an account.
However, when a user is created it has no privileges whatsoever. You can delay granting SELECT, INSERT, UPDATE etc privileges until the user account is needed.
The correct way to manage this is to create a ROLE and grant the relevant privileges to this role. When an account is needed, you grant this ROLE to the account. When you want to "suspend" an account, you simply REVOKE this role from the account.
See the Guide: http://hsqldb.org/doc/2.0/guide/accesscontrol-chapt.html