SQL Server database permissions

First, login permissions:
SQL Server has the following two authentication modes:

1, Windows Authentication Mode:

With Windows authentication, SQL Server relies on the Windows user name and password from the operating system. That is, once Windows has verified the user's identity, SQL Server does not ask for a password and does not perform authentication itself. Windows authentication is more secure than SQL Server authentication and protects SQL Server against most attacks from the Internet. It is suitable for accessing the database within an internal local area network (such as an AD domain). Note: when using Windows authentication, you must also add the corresponding user account to the database's list of logins, otherwise the login will fail, as shown below:

[Figure: adding the Windows user account to the list of logins]

2, SQL Server and Windows Authentication mode (mixed mode) :

SQL Server and Windows Authentication mode is also known as mixed mode. It allows connections using either Windows authentication or SQL Server authentication. This mode is used when users on non-Windows systems, Internet users, or users in mixed workgroups access SQL Server, for example when external users access the database or cannot log on to the Windows domain. With SQL Server authentication, the account name and password are stored in the SQL Server database and do not depend on the user or the client.

Second, the database permissions settings:

Access to SQL Server can be configured at three levels: server, database, and object.

SQL Server can be thought of as a building. Entering the building requires a pass, which is the login account, and which kind of pass holder (internal staff or guest) may enter depends on how security checks the pass (that is, the authentication mode). A database can be thought of as a room in the building: entering the building does not give access to every room, and each room you want to enter requires its own key, which is the database user. Finally, each room contains a number of objects (such as chairs, computers, pencils, and so on), which can be thought of as database tables; not every person who enters the room has the right to use these objects. Objects are grouped into schemas, and you can grant a user permission on a schema, which gives access to all objects in that schema.
Of course, the owner can use any object in the room and can even allow others to use these objects.

1, server-level permissions

SQL Server 2016 has a built-in set of server roles (also called fixed server roles). These roles perform server-level management, such as creating databases, managing and auditing login accounts, and stopping long-running processes in a SQL Server instance. They apply to the entire server rather than to a single database.

A user can hold the permissions of multiple fixed server roles, but fixed server roles cannot be modified, added, or deleted. The server roles are as follows:

[Figure: fixed server roles]

2, database-level permissions:

Every database that is created contains two special users by default: dbo (database owner) and guest. The former is the owner of the database and has all rights in it; the latter is a guest account that cannot be deleted, is disabled by default, and does not have any rights. Be cautious about enabling the guest account and granting it permissions.

Server roles mainly control what a login can do across the whole server. They are too coarse for setting management and operation rights on a specific database, so database roles are needed to divide permissions more finely at the database level. The database roles that SQL Server provides by default are as follows:
[Figure: fixed database roles]

The fixed database roles also include a role named public, which holds the default permissions of all users in the database. All users and roles belong to the public role by default, and it cannot be deleted.

3, object-level permissions:

A database typically contains multiple data objects such as tables, views, and stored procedures. If a user is given permission to read the database, the user can read all tables and similar objects in it. If, however, you want a user to have permission to query only a particular object, you need to set object-level permissions. Some common permissions and their descriptions are listed below:

[Figure: common object-level permissions and their descriptions]
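
The three levels described above (login, database user and role, schema and object permissions), walked through as an added T-SQL example that is not from the original post. The database, schema, table, login, user and role names and the password are constructed for illustration; `GO` is the batch separator used by sqlcmd and SSMS.

```sql
-- Added example; every name and the password below are constructed placeholders.
USE master;
GO
CREATE DATABASE PermDemo;
-- Level 1 (server): the login is the "pass" into the building.
CREATE LOGIN DemoLogin WITH PASSWORD = 'Constructed-Demo-Pw-2417!', CHECK_POLICY = ON;
GO
USE PermDemo;
GO
CREATE SCHEMA Sales;   -- CREATE SCHEMA must be the first statement in its batch
GO
CREATE TABLE Sales.Orders (OrderId int PRIMARY KEY, Amount money);
CREATE TABLE Sales.Salary (EmployeeId int PRIMARY KEY, Pay money);
GO
-- Level 2 (database): the user is the "room key", mapped to the login.
CREATE USER DemoUser FOR LOGIN DemoLogin;
CREATE ROLE demo_reader;                      -- user-defined database role
ALTER ROLE demo_reader ADD MEMBER DemoUser;
GO
-- Level 3 (schema/object): grant on the schema, then carve out one table.
GRANT SELECT ON SCHEMA::Sales TO demo_reader;
DENY  SELECT ON OBJECT::Sales.Salary TO demo_reader;  -- DENY overrides the GRANT
GO
-- Verify from the user's point of view instead of trusting the grants.
EXECUTE AS USER = 'DemoUser';
SELECT HAS_PERMS_BY_NAME('Sales.Orders', 'OBJECT', 'SELECT') AS can_select_orders,
       HAS_PERMS_BY_NAME('Sales.Salary', 'OBJECT', 'SELECT') AS can_select_salary,
       HAS_PERMS_BY_NAME('Sales.Orders', 'OBJECT', 'INSERT') AS can_insert_orders;
-- Effective database-level permissions of the impersonated user
SELECT permission_name FROM fn_my_permissions(NULL, 'DATABASE');
REVERT;
GO
-- Audit: explicit grants and denies recorded in this database, per principal.
SELECT pr.name AS principal, pe.state_desc, pe.permission_name,
       pe.class_desc, pe.major_id
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name IN ('demo_reader', 'guest', 'public')
ORDER BY pr.name, pe.permission_name;
GO
```

The final query also lists what `guest` and `public` hold in the database, which is the place to check before enabling the guest account.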

Origin blog.51cto.com/14227204/2417523