Mike's Database Place

MSSQL Server-Level Roles

Databases

SQL Server

SQL Security

MSSQL Users/Logins

MSSQL Roles

https://docs.microsoft.com/en-us/sql/relational-databases/security/authentication-access/server-level-roles?view=sql-server-ver15

sysadmin

Has all permissions in the server. It can do everything that any other server-level role can do.

Check

To see who has been granted 'sysadmin'...

SELECT sp.name,

sp.is_disabled

FROM sys.server_role_members rm,

sys.server_principals sp

WHERE rm.role_principal_id = SUSER_ID('Sysadmin')

AND rm.member_principal_id = sp.principal_id

Sometimes it's useful just to have a count of the number of users with sysadmin...

SELECT COUNT(*)

FROM sys.server_role_members rm,

sys.server_principals sp

WHERE rm.role_principal_id = SUSER_ID('Sysadmin')

AND rm.member_principal_id = sp.principal_id

serveradmin

Start or Stop the server

securityadmin

Has the ALTER ANY LOGIN privilege. Therefore a Login with this Role is capable of granting any other Role or Privilege (except SYSADMIN) to any other User or Role, including itself.

processadmin

Can Kill processes

setupadmin

Create a Linked Server.

(But, just because you can doesn't mean you should).

bulkadmin

Allows you to bulk load records into a database.

diskadmin

Newer backup technologies have made this pretty much redundant.

dbcreator

Can create a new database.

public

Can connect.

Bibliography

https://docs.microsoft.com/en-us/sql/relational-databases/security/authentication-access/server-level-roles?view=sql-server-ver15https://blog.sqlauthority.com/2017/01/11/sql-server-query-get-list-logins-system-admin-sysadmin-permission/

Page updated

Google Sites

Report abuse