A Learning HUB for Database Administration: Server/DB Roles

Server/DB Roles

Database-Level Roles

Fixed Server Roles

Source:
https://docs.microsoft.com/en-us/sql/relational-databases/security/authentication-access/database-level-roles

Server Roles:

Server Role	Discription
bulkadmin	can run the BULK INSERT statement.
dbcreator	can create databases, and can alter and restore their own databases.
diskadmin	The diskadmin fixed server role is used for managing disk files.
processadmin	can terminate processes that are running in an instance of SQL Server.
securityadmin	They can GRANT, DENY, and REVOKE server-level permissions. They can also GRANT, DENY, and REVOKE database-level permissions. Additionally, they can reset passwords for SQL Server logins.
serveradmin	can change server-wide configuration options and shut down the server.
setupadmin	can add and remove linked servers, and also execute some system stored procedures.
sysadmin	can perform any activity in the server. By default, all members of the Windows BUILTIN\Administrators group, the local administrator's group, are members of the sysadmin fixed server role.

DB Roles:

Role	Discription
db_accessadmin	can add or remove access for Windows logins, Windows groups, and SQL Server logins.
db_backupoperator	can backup the database.
db_datareader	can run a SELECT statement against any table or view in the database.
db_datawriter	can add, delete, or change data in all user tables.
db_ddladmin	can run any Data Definition Language (DDL) command in a database.
db_denydatareader	cannot read any data in the user tables within a database.
db_denydatawriter	cannot add, modify, or delete any data in the user tables within a database.
db_owner	can perform all configuration and maintenance activities on the database.
db_securityadmi	can modify role membership and manage permissions.
public	Every SQL Server login belongs to the public server role. When a server principal has not been granted or denied specific permissions on a securable object, the user inherits the permissions granted to public on that object. Only assign public permissions on any object when you want the object to be available to all users. You cannot change membership in public.

No comments:

Post a Comment

Subscribe to: Posts (Atom)