GRANT syntax for domain\user

Posted 2020-04-01 08:16

I'm trying to give access to an active directory user to only one specific table. I want them to be able to insert, update, delete, etc. but only for that table. I know this command:

GRANT Insert, Select on Tablename to user

But I can't figure out how to get "domain\user" to work syntax-wise. I tried:

GRANT Insert, Select on Tablename to domain\user

But I get:

Msg 102, Level 15, State 1
Incorrect syntax near '\'.

2 answers
Juvenile、少年°
Reply #2 · 2020-04-01 09:11

Assuming you have created a user in this database associated with the AD login, e.g.

CREATE LOGIN [domain\user] FROM WINDOWS;
GO
USE your_database;
GO
CREATE USER [domain\user] FROM LOGIN [domain\user];
GO

Then you merely have to follow the same syntax. Because \ is not a standard character for an identifier, you need to escape the name with [square brackets]:

GRANT SELECT, INSERT, UPDATE, DELETE ON dbo.Tablename TO [domain\user];
闹够了就滚
Reply #3 · 2020-04-01 09:12

It is a good practice to create a role and add users to that role. Then grant permissions to that role.

USE database_name;
GO

-- 1) Create the role
CREATE ROLE role_name;
GO

-- 2) Create the database user for the Windows login if it does not exist yet
IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = N'domain\user')
BEGIN
    CREATE USER [domain\user] FOR LOGIN [domain\user];
END;
GO

-- 3) Add the user to the role
ALTER ROLE [role_name] ADD MEMBER [domain\user];
GO

-- 4) Grant permissions to the role
GRANT SELECT, INSERT, UPDATE, DELETE ON dbo.Tablename TO [role_name];
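
One way to check that the grants above really are limited to the one table, as an added example that is not part of either answer. It reuses the answers' placeholder names (database_name, role_name, dbo.Tablename, domain\user); dbo.OtherTable is a hypothetical second table, and the impersonation step assumes the caller holds IMPERSONATE on the user.

```sql
USE database_name;
GO

-- 1) Object-level permissions explicitly recorded for the role or the user.
--    Expect only SELECT/INSERT/UPDATE/DELETE on dbo.Tablename.
SELECT pr.name                         AS principal_name,
       pe.state_desc,                  -- GRANT, DENY, GRANT_WITH_GRANT_OPTION
       pe.permission_name,
       OBJECT_SCHEMA_NAME(pe.major_id) AS schema_name,
       OBJECT_NAME(pe.major_id)        AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1                     -- 1 = OBJECT_OR_COLUMN
  AND pr.name IN (N'role_name', N'domain\user')
ORDER BY pr.name, object_name, pe.permission_name;

-- 2) Every database role the user belongs to. A membership such as
--    db_datawriter or db_owner would widen access beyond the one table.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE m.name = N'domain\user';

-- 3) Effective permissions, evaluated as the user.
EXECUTE AS USER = N'domain\user';

SELECT DISTINCT permission_name
FROM sys.fn_my_permissions(N'dbo.Tablename', N'OBJECT');

-- Expect 0: no SELECT on a table that was never granted (hypothetical name).
SELECT HAS_PERMS_BY_NAME(N'dbo.OtherTable', N'OBJECT', N'SELECT') AS can_select_other;

REVERT;
GO
```

Step 3 also reflects anything granted to public or to Windows groups the account belongs to, which steps 1 and 2 do not list.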