MS SQL Maestro online Help
Prev | Return to chapter overview | Next |
Roles
Principals are individuals, groups and processes that can request SQL Server resources. Like other components of the SQL Server authorization model, principals can be arranged in a hierarchy. The scope of influence of a principal depends on the scope of the definition of the principal: Windows, server, database; and whether the principal is indivisible or a collection. A Windows Login is an example of an indivisible principal, and a Windows Group is an example of a principal that is a collection. Every principal has a unique security identifier (SID).
Windows-level principals
• | Windows Domain Login |
• | Windows Local Login |
SQL Server-level principal
• | SQL Server Login |
Database-level principals
• | Database User |
• | Database Role |
• | Application Role Using roles can simplify security administration in databases with a large number of users or with a complex security system. |
A database role is created as a separate object, and applies only to the database in which that role is created. Microsoft® SQL Server™ allows Microsoft Windows NT® 4.0 or Windows® 2000 users and groups, SQL Server users, and SQL Server database roles to be members of other roles.
New roles are created within Create Role Wizard. In order to run the wizard you should either
or
or
To create a new role with the same properties as one of the existing roles has:
|
Roles can be edited within Role Editor. In order to run the editor you should either
or
You can change the name of the role using the Rename Role dialog. To open the dialog you should either
or
|
To drop a role (note that you can drop database roles only):
or
and confirm dropping in the dialog window.
|