You can use SQL Server Management Studio or the T-SQL DCL statements to grant, revoke, and deny permissions to securables.
In this section, we will use T-SQL DCL statements to grant, deny and revoke permissions.
We use the GRANT keyword to grant permissions to securables. The basic syntax for the GRANT statement is as follows:
GRANT permission [,…n] TO <grantee_principal> [,…n] [WITH GRANT OPTION] [AS <grantor_principal>]
We use WITH GRANT OPTION when we want the user to grant the same permission to other logins.
For example, to grant Bob the SELECT permission WITH GRANT OPTION on the Book_Info table, you execute the following code:
USE [CH02_03]; GO GRANT SELECT ON [dbo].[Book_Info] TO [Bob] WITH GRANT OPTION; GO
We use the DENY keyword to prevent a user from performing certain actions. The basic syntax for this command is as follows:
DENY permission [,…n] TO <grantee_principal> [,…n] [CASCADE] [AS <grantor_principal>]
We can specify the CASCADE option when we want to deny the permission to the specified principal and to all the other principals to which the principal granted the permission.
For example, enter and execute the following T-SQL code to deny Bob the UPDATE permission on the Book_Info table:
USE [CH02_03]; GO DENY UPDATE ON [dbo].[Book_Info] TO [Bob]; GO
You can manage permissions using SQL Server Management Studio. For example, the following are the steps to grant, deny, or revoke user permissions to securables via SSMS 2014:
- Launch SQL Server 2014 Management Studio.
- In Object Explorer, expand the
Databasesfolder and then expand theTablesfolder. - Right-click on the table and choose Properties.
- Click on Permissions and then select a user or role to which you want to assign a permission.
- In the explicit permissions list, check Grant, With Grant, or Deny for the appropriate permission. To revoke a permission, uncheck the box.
- Click on OK to complete this action.