Now that we understand the authentication/authorization process, we can create more detailed user access policies on the server and/or database level. Also, we will go into more detail about fixed server-side and database roles.
SQL Server provides nine fixed server roles. The permissions that are granted to the fixed server roles cannot be changed. You can create user-defined server roles and add server-level permissions to those roles:
- sysadmin: Members of the sysadmin fixed server role can perform any activity on the server.
- serveradmin: Members of the serveradmin fixed server role can change server-wide configuration options and shut down the server.
- securityadmin: Members of the securityadmin fixed server role manage logins and their properties. They can
GRANT
,DENY
, andREVOKE
server-level permissions. They can alsoGRANT
,DENY
, andREVOKE
database-level permissions if they have access to a database. - processadmin: Members of the processadmin...