The same type of
hierarchy exists with permissions at the database level as at the
server level. You can apply permissions at a high level to affect many
objects of a particular type, or you can apply them on a specific
object. You can also manage the permissions at the database level on a
specific database user, or you can manage them on the database across
many users.
To demonstrate the
differences between object types available at the database level, let’s
first look at managing permissions for a specific database user. As
with logins, you can right-click a database user and select Properties.
On the Properties window that appears, you select the Securables page,
and you get a screen to assign permissions that is very similar to the
login permissions screen. The difference at the database level is in
the object types available for selection. Figure 6
shows the object types available when you choose the All Objects of
Types choice during the addition of securables for a database user.
When a low-level object type
such as a table or stored procedure is selected, you are able to apply
explicit permissions to a specific object instance. Figure 7 Table object type is selected. shows an example of low-level securables available when the
To apply permissions at a higher level in the database, you choose the object type Databases.
With this securable added to the permissions grid, you can apply
permissions to a group of objects by selecting a single permission. Figure 8 shows the AdventureWorks2008
database selected as the securable and the related permissions
available. In this example, the login Chris has been granted INSERT,
SELECT, and UPDATE permissions to all the tables in the AdventureWorks2008 database.
