I am not so into SQL Server and I have the following doubt: I have to require the creation of an user that can work on some databases. This user have to create\delete table, insert\delete records in these tables.
What type of permission have to be set for this user on these databases? Is dbowner ok to perform these operations? (in particular is very important that this user can create\delete tables) or am I missing something?
2条答案
按热度按时间du7egjpx1#
Just to understand first the benefits of using roles :
Predefined database roles You may need to create your own, but you have access to several predefined database roles:
Fixed roles : The fixed server roles are applied serverwide, and there are several predefined server roles:
14ifxucb2#
From the SQL Documentation:
Members of the db_owner fixed database role can perform all configuration and maintenance activities on the database, and can also drop the database in SQL Server.
Are you certain that is the right that you want to grant this user? It seems like a more restricted set of permissions would be more suitable for them.
For example, the roles
db_ddladmin
,db_datareader
, anddb_datawriter
could be more suitable:db_ddladmin
:Members of the db_ddladmin fixed database role can run any Data Definition Language (DDL) command in a database.
db_datareader
:Members of the db_datareader fixed database role can read all data from all user tables.
db_datawriter
:Members of the db_datawriter fixed database role can add, delete, or change data in all user tables.
Alternatively, you can grant specific privileges to the user account against that database and it's user objects in order to restrict their access to the functionality subset you want.