I would strongly advise against giving a user access to write his own queries, unless he is fully competant in SQL....
If you give him access to write queries then I see no reason why he shouldn't have access to the database window, surely you will be giving him access to delete every bit of data from your database (by giving him query access) then what does it matter if he has access to the database window.
Why not give him a copy of the database locally then he can do what he wants with the data without risking data integrety on your live system