DB - Grant Access
Grant DB Access to Users
Um login pode ter associado um único user em cada DB cujo nome pode ser distinto entre DBs.
Database Roles (Fixed)
db_accessadmin
Can authorize a user to access the database, but not manage database-level security
db_backupoperator
Can perform backups, checkpoints, and DBCC commands, but not restores (only server sysadmins can)
db_datareader
Can read all the data in the database. This role is the equivalent of a grant on all objects, and it can be overridden by a deny permission.
db_datawriter
Can write to all the data in the database. This role is the equivalent of a grant on all objects, and it can be overridden by a deny permission.
db_ddladmin
Can issue DDL commands (create, alter, drop)
db_denydatareader
Can read from any table in the database. This deny will override any object-level grant.
db_denydatawriter
Blocks modifying data in any table in the database. This deny will override any object-level grant.
db_owner
A special role that has all permissions in the database. This role includes all the capabilities of the other roles. It is different from the dbo user role. This is not the database-level equivalent of the server sysadmin role; an object-level deny will override membership in this role.
db_securityadmin
Can manage database-level security — roles and permissions
User
Standard Database Roles (user defined)
Last updated