SQL Server uses a standard security model that involves the following entities and concepts:
- Securable
- Represents a resource or target object that requires securing, such as a database view.
- Principal
- Represents a user who requests access to a resource.
- Permission
- Access type that is associated with securable. Permissions can be granted to or revoked from principals. For example,
Update is a permission that is associated with a table (securable) named
R. If
Update on
R is granted to a user (principal) named
U, then
U receives
Update access on
R.
Further,
Microsoft SQL Server supports the following security principals at different levels:
- Windows-level principals
- Control access to SQL Server instances for Windows Local Login and Windows Network Domain Login.
- SQL Server-level principals
- Control access to
Microsoft SQL Server instances for SQL Server Login.
- Database-level principals
- Control access to database instances for database users.
To access a
Microsoft SQL Server instance, use a
Microsoft Windows user name or a
Microsoft SQL Server user name that was previously created in that server instance. After you log on, the user name represents you as your security
principal at the server level.
If you try to use a specific database in the server,
Microsoft SQL Server searches the appropriate database for any previous user who has been mapped to your user name. If
Microsoft SQL Server locates such a user, the corresponding user name represents you as your security principal at the server level.