SQL Server 服务器及数据库用户角色权限
Server Role Description bulkadmin Members can run the BULK INSERT statement. Membership in this role still requires that non-sysadmin users have access to the object being updated. dbcreator Members can create, alter, drop, and restore any database. diskadmin This role is used for managing disk files. Most of the capabilities relate to add ing and removing backup devices. processadmin Members can terminate processes that are running in an instance of SQL Server. This role is useful if you want to give someone the ability to kill a long-running query or an orphaned connection. public All valid SQL Server logins are members of the public role. securityadmin Members can manage logins and their properties. They can GRANT, DENY, and REVOKE server-level permissions as well as database-level permissions. They can also reset passwords for SQL Server logins. This role has no rights to assign database permissions. If you want securityadmin members to be able to do this, you must make their logins part of the db_accessadmin fixed database role for the specific database. serveradmin Members can change server-wide configuration options and shut down the server. setupadmin Members can add and remove linked servers and also execute some system stored procedures. sysadmin Members can perform any activity on the server. By default, all members of the Windows BUILTIN\Administrators group, the local administrator's group, are members of the sysadmin fixed server role. The SQL Server service account is also a member of this role.Database Role Description db_accessadmin Members can add or remove access for Windows logins, Windows groups, and SQL Server logins. db_backupoperator Members can back up the database. db_datareader Members can read all data from all user tables. db_datawriter Members can add, delete, or change data in all user tables. db_ddladmin Members can run any data definition language (DDL) command in a database. db_denydatareader Members cannot read any data in the user tables within a database. db_denydatawriter Members cannot add, modify, or delete any data in the user tables within a database. db_owner Members can perform all configuration and maintenance activities on the database, including dropping the database. db_securityadmin Members can modify role membership and manage permissions.
页:
[1]