Monday, February 14, 2011

Sql Server 2008 Security/Logins

I’m using windows authentication in an intranet.

The way I am configuring permissions is:

1. Add a login for an individual or group to the instance level security.

2. Set the user mappings for databases I wish to give access, assigning roles.

From: http://www.techrepublic.com/article/understanding-roles-in-sql-server-security/1061781

Predefined database roles:

  • db_owner: Members have full access.
  • db_accessadmin: Members can manage Windows groups and SQL Server logins.
  • db_datareader: Members can read all data.
  • db_datawriter: Members can add, delete, or modify data in the tables.
  • db_ddladmin: Members can run dynamic-link library (DLL) statements.
  • db_securityadmin: Members can modify role membership and manage permissions.
  • db_bckupoperator: Members can back up the database.
  • db_denydatareader: Members can’t view data within the database.
  • db_denydatawriter: Members can’t change or delete data in tables or views.

image

No comments:

Post a Comment