Question
I'm trying to give access to an active directory user to only one specific table. I want them to be able to insert, update, delete, etc. but only for that table. I know this command:
https://stackoverflow.com/questions/20907859
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianGRANT Insert, Select on Tablename to user
But I can't figure out how to get "domain\user" to work syntax-wise. I tried:
GRANT Insert, Select on Tablename to domain\user
But I get:
Msg 102, Level 15, State 1
Incorrect syntax near '\'.
Solution
Assuming you have created a user in this database associated with the AD login, e.g.
CREATE LOGIN [domain\user] FROM WINDOWS;
GO
USE your_database;
GO
CREATE USER [domain\user] FROM LOGIN [domain\user];
GO
Then you merely have to follow the same syntax. Because \ is not a standard character for an identifier, you need to escape the name with [square brackets]:
GRANT SELECT, INSERT, UPDATE, DELETE ON dbo.Tablename TO [domain\user];
OTHER TIPS
It is a good practice to create a role and add users to that role. Then grant permissions to that role.
USE database_name
GO
--1)create role
CREATE ROLE role_name
GO
--2 create user
IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = N'domain\user')
BEGIN
CREATE USER [domain\user] FOR LOGIN [domain\user]
END;
GO
-- 3 Add user to the role
ALTER ROLE [role_name] ADD MEMBER [domain\user]
GO
--4 Grant permissions to the role
GRANT SELECT, INSERT, UPDATE, DELETE ON dbo.Tablename TO [role_name];
