MS SQL Maestro online Help


Roles

Principals are individuals, groups and processes that can request SQL Server resources. Like other components of the SQL Server authorization model, principals can be arranged in a hierarchy. The scope of influence of a principal depends on the scope of the definition of the principal: Windows, server, database; and whether the principal is indivisible or a collection. A Windows Login is an example of an indivisible principal, and a Windows Group is an example of a principal that is a collection. Every principal has a unique security identifier (SID).

Windows-level principals

Windows Domain Login
Windows Local Login

SQL Server-level principal

SQL Server Login

Database-level principals

Database User
Database Role
Application Role

Using roles can simplify security administration in databases with a large number of users or with a complex security system.

 

A database role is created as a separate object, and applies only to the database in which that role is created. Microsoft® SQL Server™ allows Microsoft Windows NT® 4.0 or Windows® 2000 users and groups, SQL Server users, and SQL Server database roles to be members of other roles.

 

 

New roles are created with the Create Role Wizard. To run the wizard, either

 

select the Object | Create Database Object... main menu item;
select the Role icon in the Create Database Object dialog

or

select the Roles list or any object from that list in the explorer tree;
select the Create New Role... item from the popup menu

or

open the database in Database Editor and the Roles tab there;
press the Insert key or select the Create New Role... item from the popup menu (alternatively, you may use the corresponding link of the Navigation Bar).

       

To create a new role with the same properties as an existing role:

 

select the Object | Duplicate Database Object... main menu item;
follow the instructions of Duplicate Object Wizard.

 

 

 

Roles can be edited in the Role Editor. To run the editor, either

 

select the role for editing in the explorer tree (type the first letters of the role name for quick search);
select the Edit Role... item from the popup menu

or

open the database in Database Editor and the Roles tab there;
select the role to edit;
press the Enter key or select the Edit Role item from the popup menu (alternatively, you may use the corresponding link of the Navigation Bar).

       

You can change the name of a role using the Rename Role dialog. To open the dialog, either

 

select the role to rename in the explorer tree;
select the Rename Role item from the popup menu

or

open the database in Database Editor and the Roles tab there;
select the role to rename;
select the Rename Role item from the popup menu (alternatively, you may use the corresponding link of the Navigation Bar).

 

 

 

To drop a role (note that you can drop database roles only):

 

select the role to drop in the explorer tree;
select the Drop Role item from the popup menu

or

open the database in Database Editor and the Roles tab there;
select the role to drop;
press the Delete key or select the Drop Role item from the popup menu (alternatively, you may use the corresponding link of the Navigation Bar)

 

and confirm dropping in the dialog window.
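
The create, rename and drop operations described above, together with the nested role membership mentioned earlier on this page, written as T-SQL. This is an added example, not output of MS SQL Maestro; the role names, the `reporting` schema and the `alice` database user are constructed placeholders assumed to exist, and `ALTER ROLE ... ADD MEMBER` assumes SQL Server 2012 or later (older versions use `sp_addrolemember`).

```sql
-- Added example: all object names are constructed placeholders.
-- Create two database roles; they exist only in the current database.
CREATE ROLE reporting_readers AUTHORIZATION dbo;
CREATE ROLE finance_analysts  AUTHORIZATION dbo;

-- Grant permissions to the role rather than to individual users.
GRANT SELECT ON SCHEMA::reporting TO reporting_readers;

-- Both a database role and a database user can be members of a role.
ALTER ROLE reporting_readers ADD MEMBER finance_analysts;  -- nested role
ALTER ROLE finance_analysts  ADD MEMBER alice;             -- database user

-- Audit: expand nested membership so that indirect members are visible.
-- depth = 1 is direct membership; depth > 1 is inherited through a role.
WITH membership AS (
    SELECT rm.role_principal_id, rm.member_principal_id, 1 AS depth
    FROM sys.database_role_members AS rm
    UNION ALL
    SELECT m.role_principal_id, rm.member_principal_id, m.depth + 1
    FROM membership AS m
    JOIN sys.database_role_members AS rm
      ON rm.role_principal_id = m.member_principal_id
)
SELECT r.name      AS role_name,
       p.name      AS member_name,
       p.type_desc AS member_type,
       p.sid       AS member_sid,
       m.depth
FROM membership AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS p ON p.principal_id = m.member_principal_id
ORDER BY r.name, m.depth, p.name;

-- Rename a role; its members and granted permissions are kept.
ALTER ROLE finance_analysts WITH NAME = finance_team;

-- DROP ROLE fails while the role still has members,
-- so remove them first, then drop.
ALTER ROLE finance_team      DROP MEMBER alice;
ALTER ROLE reporting_readers DROP MEMBER finance_team;
DROP ROLE finance_team;
```

Running the audit query before and after a membership change shows which users gain or lose access indirectly through a nested role.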

 


