I am using SQL Server Express 2005.
I have only a single database to work with & create logins, users and grant permissions on this database only.
I created a database shopDB.
Then a login shopDBLogin.
Then I selected shopDB & created a user shopDBUser for shopDBLogin. The code is:
create database shopDB
use shopDB
create login shopDBLogin with password='_' , default_database = shopDB
use shopDB
create user shopDBUser for login shopDBLogin
Now, i want to give permissions to shopDBUser to perform the following tasks:
–create 3 new logins L1,L2,L3 & 3 new users U1,U2,U3 inside these logins
–give permissions to U2,U3 to only insert in sql database
–create 3 application roles
How do i give permissions for these tasks to the user? Please help.
I’d have to go with db_securityadmin.
Use sp_addrolemember to hand out the role.
Example:
If you just want shopDBUser to be able to make ‘sub-users’ to his own user: You can’t do that with roles. I suggest creating a stored procedure that does this, granting the stored prcedure elevated permissions and then granting shopDBUser permissions to execute the stored procedure.
You’ll have to make the neccesary checks in the stp yourself of course. Mostly because i THINK the concept of sub-users is simply not known in SQL.
EDIT:
Perhaps implement the concept of sub-users as a seperate table UserInfo. See in below example: