Sql-server – how can I add user who can read all tables in database and have permission to alter only one table

sql server

I am creating a database using SQL server express 2016 for a college project and
need to learn how to add a user whom can have access to all tables, however, only be able to alter one of the tables, update, delete, etc… I'm using sql server
express 2016 management studio

Best Answer

Add the user to the db_datareader role within the database

sp_addrolemember @rolename = 'db_datareader' @membername '<USERNAME>'

Give the user permission to alter that single table

grant alter on [<TABLE>] to [<USER>]

This will give the permissions you want. You could also create a specific database role with the correct permissions, or grant the user permissions on the schema so you should check the msdn article suggested by @randolph-west

Related Solutions

Sql-server – Which edition of SQL Server express

I would go for:

SQL Server Express with Tools (with LocalDB, Includes the database engine and SQL Server Management Studio Express)

This gives you MS SQL Express and the Management Studio which will give you all the playground to experiment.

SQL Server – Re-Add User After Moving Database

This is the difference between logins and users and how they relate to each other:

Logins - Instance level principals that allow an entity to connect to the SQL Server instance. They do not, by their nature, grant any access to databases on the instance. The exception to this is a login with sysadmin rights can use a database because they are sysadmin, but because of sysadmin level permissions.
Users - Database level principals that allow an entity to connect to a SQL Server database. Users are associated with logins via SIDs, creating a relationship between the two and allowing a login to connect to the instance and then use the associated user to connect to the database.

What commonly happens with SQL authenticated logins and database users on a restore is that the SIDS will be out of sync, thus breaking the relationship. This relationship must be repaired before you can connect to the database using that login, because in the eyes of SQL Server those principals are no longer connected. You can fix this with the following SQL:

ALTER USER [foo] WITH LOGIN=[foo]

You can use the following query in the context of your database to check for orphans:

select
    dp.name [user_name]
    ,dp.type_desc [user_type]
    ,isnull(sp.name,'Orhphaned!') [login_name]
    ,sp.type_desc [login_type]
from   
    sys.database_principals dp
    left join sys.server_principals sp on (dp.sid = sp.sid)
where
    dp.type in ('S','U','G')
    and dp.principal_id >4
order by sp.name

Best Answer

Related Solutions

Sql-server – Which edition of SQL Server express

SQL Server – Re-Add User After Moving Database

Related Question