GRANT syntax for domain\user

Question

I\'m trying to give access to an active directory user to only one specific table. I want them to be able to insert, update, delete, etc. but only for that table. I know thi

Answer 1

Assuming you have created a user in this database associated with the AD login, e.g.

CREATE LOGIN [domain\user] FROM WINDOWS;
GO
USE your_database;
GO
CREATE USER [domain\user] FROM LOGIN [domain\user];
GO

Then you merely have to follow the same syntax. Because \ is not a standard character for an identifier, you need to escape the name with [square brackets]:

GRANT SELECT, INSERT, UPDATE, DELETE ON dbo.Tablename TO [domain\user];

Answer 2

It is a good practice to create a role and add users to that role. Then grant permissions to that role.

USE database_name
GO

--1)create role 
CREATE ROLE role_name
GO

--2 create user
IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = N'domain\user')
BEGIN
    CREATE USER [domain\user] FOR LOGIN [domain\user]
END;
GO

-- 3 Add user to the role
ALTER ROLE [role_name] ADD MEMBER [domain\user]
GO

--4 Grant permissions to the role
GRANT SELECT, INSERT, UPDATE, DELETE ON dbo.Tablename TO [role_name];