SQL Server 服务器及数据库用户角色权限

my11502207

Server Role	Description
bulkadmin	Members can run the BULK INSERT statement. Membership in this role still requires that non-sysadmin users have access to the object being updated.
dbcreator	Members can create, alter, drop, and restore any database.
diskadmin	This role is used for managing disk files. Most of the capabilities relate to add ing and removing backup devices.
processadmin	Members can terminate processes that are running in an instance of SQL Server. This role is useful if you want to give someone the ability to kill a long-running query or an orphaned connection.
public	All valid SQL Server logins are members of the public role.
securityadmin	Members can manage logins and their properties. They can GRANT, DENY, and REVOKE server-level permissions as well as database-level permissions. They can also reset passwords for SQL Server logins. This role has no rights to assign database permissions. If you want securityadmin members to be able to do this, you must make their logins part of the db_accessadmin fixed database role for the specific database.
serveradmin	Members can change server-wide configuration options and shut down the server.
setupadmin	Members can add and remove linked servers and also execute some system stored procedures.
sysadmin	Members can perform any activity on the server. By default, all members of the Windows BUILTIN\Administrators group, the local administrator's group, are members of the sysadmin fixed server role. The SQL Server service account is also a member of this role.

　　
  

Database Role	Description
db_accessadmin	Members can add or remove access for Windows logins, Windows groups, and SQL Server logins.
db_backupoperator	Members can back up the database.
db_datareader	Members can read all data from all user tables.
db_datawriter	Members can add, delete, or change data in all user tables.
db_ddladmin	Members can run any data definition language (DDL) command in a database.
db_denydatareader	Members cannot read any data in the user tables within a database.
db_denydatawriter	Members cannot add, modify, or delete any data in the user tables within a database.
db_owner	Members can perform all configuration and maintenance activities on the database, including dropping the database.
db_securityadmin	Members can modify role membership and manage permissions.