Each user in a database can be in one or more roles
db_owner
can perform all configuration and maintenance activities on the database, and can also drop the database.
db_securityadmin can modify role membership and manage permissions. Adding principals to this role could enable unintended privilege escalation.
db_accessadmin
can add or remove access to the database for Windows logins, Windows groups, and SQL Server logins.
db_backupoperator
can back up the database.
db_ddladmin
can run any Data Definition Language (DDL) command in a database.
db_datawriter
can add, delete, or change data in all user tables.
db_datareader
can read all data from all user tables.
db_denydatawriter
cannot add, modify, or delete any data in the user tables within a database.
db_denydatareader
cannot read any data in the user tables within a database.
No comments:
Post a Comment