Microsoft uses a set of terms to describe SQL Server security functionality, which separates the security architecture into:
  • Principals: These are objects (for example a user login, a role, or an application) that may be granted permission to access particular database objects.

  • Securables: These are objects (a table or view, for example) to which access can be controlled.

  • Permissions: These are individual rights, granted (or denied) to a principal, to access a securable object.

Principals are the topic of this chapter, and securables and permissions are discussed in the next chapter.

Principals fall into three different scopes:
  • Windows principals are principals based on Windows domain user accounts, domain groups, local user accounts, and local groups. Once added to SQL Server and given permissions to access objects, these types of principals gain access to SQL Server based on Windows Authentication.

  • SQL Server principals are SQL Server-level logins and fixed server roles. SQL logins are created within SQL Server and have a login name and password independent of any Windows entity. Server roles are groupings of SQL Server instance-level permissions that other principals can become members of, inheriting that server role’s permissions.

  • Database principals are database users, database roles (fixed and user-defined), and application roles—all of which I’ll cover in this chapter.
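
The three scopes above can be inventoried on a live instance from the catalog views. The following T-SQL is an added example, not code from the chapter; it assumes you run it in the database you want to review and that your login is allowed to view server and database metadata.

```sql
-- Added example: list principals grouped by the three scopes described above.

-- Scopes 1 and 2: server-level principals.
-- type U/G = Windows login or group, S = SQL login, R = server role.
SELECT
    CASE
        WHEN sp.type IN ('U', 'G') THEN 'Windows principal'
        WHEN sp.type IN ('S', 'R') THEN 'SQL Server principal'
        ELSE 'Other (certificate or key mapped)'
    END AS principal_scope,
    sp.name,
    sp.type_desc,
    sp.is_disabled
FROM sys.server_principals AS sp
ORDER BY principal_scope, sp.type_desc, sp.name;

-- Which principals inherit instance-level permissions through a server role.
SELECT
    r.name      AS server_role,
    m.name      AS member_name,
    m.type_desc AS member_type
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS r ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = srm.member_principal_id
ORDER BY r.name, m.name;

-- Scope 3: database principals in the current database.
-- Users are matched to their server-level login by SID; a NULL mapped_login
-- on a user row means no login with that SID exists on this instance.
SELECT
    dp.name AS database_principal,
    dp.type_desc,              -- SQL_USER, WINDOWS_USER, DATABASE_ROLE, APPLICATION_ROLE, ...
    dp.is_fixed_role,
    dp.default_schema_name,
    sp.name AS mapped_login
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp
       ON sp.sid = dp.sid
      AND dp.type IN ('S', 'U', 'G')   -- only users map to logins, not roles
ORDER BY dp.type_desc, dp.name;
```

Members of powerful server roles and database users with no matching login are the rows worth reviewing first when checking an instance for excess access.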

I’ll start this chapter off with a discussion of Windows principals.



Copyright information

© Joseph Sack 2008