Choose your database:
AnySQL
MySQL
MS SQL Server
PostgreSQL
SQLite
Firebird
Oracle
SQL Anywhere
DB2
MaxDB

Subscribe to our news:
Partners
Testimonials
Kevin Settler: "If you need the job done right and on time, do it with MS SQL Maestro on your team. The software is a pleasure for us. SQL Maestro Group do excellent work and are dedicated to producing products that all can be proud of".
Lynn Armbruster: "Thank you. I found Maestro easy to use and so far a great tool".

More

Add your opinion

Customers
Download Buy

MS SQL Maestro online Help

Prev Return to chapter overview Next

Server Roles

SQL Server provides server-level roles to help you manage the permissions on a server. Find out more info on server-level roles at SQL Server manual.

 

SQL Server provides nine fixed server roles. The permissions that are granted to the fixed server roles cannot be changed. Beginning with SQL Server 2012, you can create user-defined server roles and add server-level permissions to the user-defined server roles.
You can add server-level principals (SQL Server logins, Windows accounts, and Windows groups) into server-level roles. Each member of a fixed server role can add other logins to that same role. Members of user-defined server roles cannot add other server principals to the role.

 

1.bulkadmin. Granted: ADMINISTER BULK OPERATIONS.
2.dbcreator. Granted: CREATE DATABASE.
3.diskadmin. Granted: ALTER RESOURCES.
4.processadmin. Granted: ALTER SERVER STATE, ALTER ANY CONNECTION.
5.securityadmin. Granted: ALTER ANY LOGIN.
6.serveradmin. Granted: ALTER SETTINGS, SHUTDOWN, CREATE ENDPOINT, ALTER SERVER STATE, ALTER ANY ENDPOINT, ALTER RESOURCES.
7.setupadmin. Granted: ALTER ANY LINKED SERVER.
8.sysadmin. Granted with GRANT option: CONTROL SERVER.

 

Note: Fixed server roles are server-wide in their scope. Each member of a fixed server role can add other logins within the role.

 

Server roles are edited within Server Roles Editor. In order to run the editor you should either

 

select the server role for editing in the explorer tree (type the first letters of the server role name for quick search);
select the Edit Server Role item from the popup menu

or

open the server in Server Editor and the Server Roles tab there;
select the server role to edit;
press the Enter key or select the Edit Server Role item from the popup menu (alternatively, you can use the corresponding link of the Navigation Bar).

 

Server Roles Editor allows you to view the logins implemented to the role, include or exclude existing logins from the definite role.
 


 

Note: Members of the securityadmin fixed server role can grant both server-level and database-level permissions.

 

The Name and Comment fields represents the server role name and comment respectively.

 

Logins

Displays the list of all existing logins. If a login name is checked, the login is added to the fixed server role.

 

To apply the changes, select the Apply Changes item in the Navigation bar or use Ctrl+F9 or Ctrl+F7 shortcut keys.

 

It is also possible to modify object properties without opening the object editor: use the Object Properties item of the popup menu of the selected object from the explorer tree.

See also: Logins



Prev Return to chapter overview Next