Granting and Revoking Object Permissions

For users and groups of each database, you can grant and revoke permissions for tables, views, and stored procedures. If the user or group already has permissions on those objects, any new permissions that you grant will be added to the existing permissions.

You administer object permissions by clearing or selecting checkboxes.

This checkbox indicator
Means
Empty No change from the inherited permission.
Blue check The permission is granted.
Red check The permission is revoked (cancels an inherited grant).
Green check A pending grant. (The permission is granted when the Set button is chosen.)
Red circle and slash A pending revoke. (The permission is revoked when the Set button is chosen.)

You can manage object permissions from the perspective of the group or user or from the perspective of the object. Note that any changes you make are only pending until you select the Set button.

    To manage object permissions by group or user
  1. From the Server Manager window, select a server, open its Databases folder, and select a database.
  2. From the Object menu, select Permissions.

    The Object Permissions dialog box appears.

  3. Select the By User tab.

  4. From the User/Group list, select a user or group.

    Object permissions are shown for this user or group. If a group is selected, the Group members box lists all users of that group.

  5. To limit the amount of information displayed, select or clear the Object Filters options.
  6. To grant to the selected user or group all permissions for all displayed objects, choose Grant All.

    Or to revoke from the selected user or group all permissions for all displayed objects, choose Revoke All.

  7. To grant or revoke specific permissions for specific objects, click on the appropriate check boxes in the object list.
  8. Optionally, to set column-level SELECT and UPDATE permissions, select an object name from the object list, and also select the Column Level Permissions option. Then in the column list, grant or revoke specific permissions for specific columns by clicking on the appropriate check boxes.

    Column-level permissions apply only to tables and views (not stored procedures).

  9. Choose Set.

    The pending permissions are granted and/or revoked.

    Note Any changes you make in this dialog box are only pending until you select the Set button.

    To manage object permissions by object
  1. From the Server Manager window, select a server, open its Databases folder, and select a database.
  2. From the Object menu, select Permissions.

    The Object Permissions dialog box appears with the By Object tab selected.

  3. From the Object list, select an object.

    This is the object that will have its permissions managed.

  4. To grant all permissions for this object to all users and groups of this database, choose Grant All.

    Or to revoke all permissions for this object from all users and groups of this database, choose Revoke All.

  5. To grant or revoke specific permissions for specific users or groups, click on the appropriate check boxes in the user and group list.
  6. Optionally, to set column-level SELECT and UPDATE permissions, select a user or group name from the object list, and also select the Column Level Permissions option. Then in the column list, grant or revoke specific permissions for specific columns by clicking on the appropriate check boxes.

    Column-level permissions apply only to tables and views (not stored procedures).

  7. Choose Set.

    The pending permissions are granted and/or revoked.

    Note Any changes you make in this dialog box are only pending until you select the Set button.

For more information about object permissions, see Chapter 8, Security Concepts.