Server-level fixed roles and their permissions
sysadmin | Members of the sysadmin fixed server role can perform any operation on the server |
serveradmin | Members of the serveradmin fixed server role can change server-wide configuration options and shut down the server. |
securityadmin | Members of the securityadmin fixed server role manage login names and their attributes. They can grant, deny, and revoke server-level permissions. They can also grant, deny, and revoke database permissions (if they have access to the database). Additionally, they can reset the SQL Server login password. |
processadmin | Members of the processadmin fixed server role can terminate processes running in an instance of SQL Server |
setupadmin | Members of the setupadmin fixed server role can add and remove linked servers using Transact-SQL statements (sysadmin membership is required when using Management Studio.) |
bulkadmin | Members of the bulkadmin fixed server role can run bulk insert statements |
diskadmin | The diskadmin fixed server role is used to manage disk files. |
dbcreator | Members of the dbcreator fixed server role can create, change, delete, and restore any database |
Database-level fixed roles and their permissions
db_owner | Members of the db_owner fixed database role can perform all configuration and maintenance activities of the database, and can also drop the database in SQL Server. |
db_securityadmin | Members of the db_securityadmin fixed database role can modify only the role membership and administrative permissions of a custom role. Members of this role may have their permissions elevated and their actions should be monitored. |
db_accessadmin | Members of the db_accessadmin fixed database role can add and remove database access permissions for Windows logins, Windows groups, and SQL Server logins. |
db_backupoperator | Members of the db_backupoperator fixed database role can back up the database. |
db_ddladmin | Members of the db_ddladmin fixed database role can run any data definition language (DDL) command in the database. Members of this role can elevate their privileges by manipulating code that may be executed under high privileges, and their actions should be monitored. |
db_datawriter | Members of the db_datawriter fixed database role can add, delete, or change data in all user tables. In most cases this role will be combined with db_datareader membership, to allow reading of the data to be modified. |
db_datareader | Members of the db_datareader fixed database role can read all data from all user tables and views. User objects may exist in any schema except sys and information_schema. |
db_denydatawriter | Members of the db_denydatawriter fixed database role cannot add, modify, or delete any data in user tables in the database. |
db_denydatareader | Members of the db_denydatareader fixed database role cannot read any data in user tables and views in the database. |
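--- Create the dba login account
create login dba with password='012345@@!'
GO
--- Create a database user for the dba login and grant it db_owner in the resset_db database
use resset_db
create user dba for login dba
exec sp_addrolemember 'db_owner','dba'
GO
--- Create a database user for the dba login and grant it db_owner in the Company_report20221019 database
use Company_report20221019
create user dba for login dba
exec sp_addrolemember 'db_owner','dba'
GO
--- Revoke the db_owner role from the dba user
exec sp_droprolemember 'db_owner','dba'
--- Drop the login
drop login dba
--- Drop the database user (run in each database where the user was created)
drop user dba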
select * from sys.database_principals --View all principals (users and roles) in the current database
EXEC sp_srvrolepermission --View the permissions of the fixed server roles
EXEC sp_srvrolepermission @srvrolename = 'sysadmin' --View the detailed permissions of one server role
EXEC sp_dbfixedrolepermission @rolename = 'db_owner' --View the detailed permissions of db_owner
EXEC sp_helpdbfixedrole --List the fixed database roles
EXEC sp_helprolemember @rolename = 'db_owner' --List the members of the db_owner role in the current database