DB - Grant Access

Grant DB Access to Users

Um login pode ter associado um único user em cada DB cujo nome pode ser distinto entre DBs.

Database Roles (Fixed)

db_accessadmin

Can authorize a user to access the database, but not manage database-level security

db_backupoperator

Can perform backups, checkpoints, and DBCC commands, but not restores (only server sysadmins can)

db_datareader

Can read all the data in the database. This role is the equivalent of a grant on all objects, and it can be overridden by a deny permission.

db_datawriter

Can write to all the data in the database. This role is the equivalent of a grant on all objects, and it can be overridden by a deny permission.

db_ddladmin

Can issue DDL commands (create, alter, drop)

db_denydatareader

Can read from any table in the database. This deny will override any object-level grant.

db_denydatawriter

Blocks modifying data in any table in the database. This deny will override any object-level grant.

db_owner

A special role that has all permissions in the database. This role includes all the capabilities of the other roles. It is different from the dbo user role. This is not the database-level equivalent of the server sysadmin role; an object-level deny will override membership in this role.

db_securityadmin

Can manage database-level security — roles and permissions

User

Standard Database Roles (user defined)