NOTES: Microsoft SQL Server 2017 and Azure SQL Database
嚜燐icrosoft SQL Server 2017 and Azure SQL Database
Permission Syntax
Most permission statements have the format :
?
AUTHORIZATION must be GRANT, REVOKE or DENY.
?
PERMISSION is listed in the charts below.
?
ON SECURABLE::NAME is the server, server object, database, or database object and its name. (ON SECURABLE::NAME is omitted
for server-wide and database-wide permissions.)
PRINCIPAL is the login, user, or role which receives or loses the permission. Grant permissions to roles whenever possible.
?
Most of the more granular permissions are included in more than one higher level scope permission. So permissions can be inherited
from more than one type of higher scope.
?
Black, green, and purple arrows and boxes point to subordinate permissions that are included in the scope of higher a level permission.
?
Brown arrows and boxes indicate some of the statements that can use the permission.
?
Permissions in black apply to both SQL Server 2016 and Azure SQL Database
?
Permissions in red apply only to SQL Server 2016 and later
?
Permissions marked with ∫ apply only to SQL Server 2017
?
Permissions marked with ? apply to SQL Server 2017 and Azure SQL Database
?
Permissions in blue apply only to Azure SQL Database
?
The newest permissions are underlined
Database Level Permissions
Top Level Database Permissions
db_owner role
CONTROL SERVER
Top Level Server Permissions
loginmanager
role
loginmanager role
Server-Level Principal Logins
ALTER ANY EVENT NOTIFICATION
DROP DATABASE
IMPERSONATE ON USER::
ALTER ANY USER
STATEMENTS:
STATEMENTS:
ALTER ANY DATABASE AUDIT
CREATE DATABASE AUDIT SPECIFICATION
ALTER USER
ALTER ANY DATABASE DDL TRIGGER
CREATE/ALTER/DROP database triggers
DROP USER
CONNECT REPLICATION ON DATABASE::
CONNECT ON DATABASE::
CONNECT ANY DATABASE
ALTER ANY DATABASE EVENT SESSION
STATEMENTS:
ALTER ANY EXTERNAL DATA SOURCE
db_accessadmin role
REFERENCES ON ASSEMBLY::
ALTER ON DATABASE::
TAKE OWNERSHIP ON ASSEMBLY::
ALTER ANY ASSEMBLY
ALTER ANY MESSAGE TYPE 每 See Service Broker Permissions Chart
?
that authenticates at the database, grants CONNECT ON DATABASE
CONTROL ON DATABASE::
SQL Database can be a push replication subscriber which
ALTER ANY DATABASE EVENT NOTIFICATION
CREATE DDL EVENT NOTIFICATION
requires no special permissions.
CREATE DATABASE DDL EVENT NOTIFICATION
CREATE TRACE EVENT NOTIFICATION
on a login, but does not grant the server level permission to view
Event notifications on trace events
broker. See the service broker chart for more into.
ALTER ANY ROUTE 每 See Service Broker Permissions Chart
ALTER ANY SCHEMA 每 See Database Permissions 每 Schema Objects Chart
Database Role Permissions
ALTER ANY SECURITY POLICY
External Library Permissions
CONTROL ON DATABASE::
CONTROL SERVER
ALTER ANY SYMMETRIC KEY 每 See Symmetric Key Permissions Chart
CONTROL ON ROLE::
CONTROL SERVER
CONTROL ON DATABASE::
CONTROL SERVER
CREATE DEFAULT
VIEW ANY DEFINITION
CREATE FUNCTION
OPENROWSET(BULK#.
OPENROWSET(BULK #
bulkadmin role
VIEW ANY DEFINITION
CREATE AGGREGATE
VIEW DEFINITION ON DATABASE::
VIEW DEFINITION ON ROLE::
ALTER ON DATABASE::
TAKE OWNERSHIP ON ROLE::
ALTER ANY DATABASE
VIEW DEFINITION ON DATABASE::
VIEW DEFINITION ON EXTERNAL LIBRARY::
ALTER ON DATABASE::
TAKE OWNERSHIP ON EXTERNAL LIBRARY::
CREATE PROCEDURE
ALTER ANY AVAILABILITY GROUP 每 See Availability Group Permissions
ALTER ANY DATABASE
CREATE QUEUE
CREATE AVAILABILTY GROUP
ALTER ANY EXTERNAL LIBRARY
KILL
ALTER ANY CREDENTIAL
CREATE SYNONYM
CREATE/ALTER/DROP CREDENTIAL
CREATE TABLE
ALTER ANY DATABASE 每 See Database Permission Charts
dbcreator role
STATEMENTS:
ALTER EXTERNAL LIBRARY
STATEMENTS:
Server scoped event notifications
ALTER ANY DATABASE SCOPED CONFIGURATION
ALTER DATABASE SCOPED CONFIGURATION
CREATE DDL EVENT NOTIFICATION
Server scoped DDL event notifications
ALTER ANY MASK
CREATE TRACE EVENT NOTIFICATION
Event notifications on trace events
ALTER ANY EVENT SESSION
setupadmin role
ALTER ANY LOGIN 每 See Connect and Authentication
Extended event sessions
BACKUP DATABASE
sp_addlinkedserver
BACKUP LOG
securityadmin role
ALTER ANY SERVER AUDIT
ALTER ANY SERVER ROLE 每 See Server Role Permissions
CHECKPOINT
DBCC
DBCC FREE#CACHE
FREE#CACHE and
and SQLPERF
SQLPERF
REFERENCES
Applies to subordinate objects in the database. See
SELECT
SELECT on
on server-level
server-level DMV*s
DMV*s
SELECT
Database Permissions 每 Schema Objects chart.
ALTER SETTINGS
sp_configure,
sp_configure, RECONFIGURE
RECONFIGURE
UPDATE
ALTER TRACE
sp_trace_create
sp_create_trace
AUTHENTICATE SERVER
Allows
Allows server-level
server-level delegation
delegation
VIEW DEFINITION
ALTER AUTHORIZATION
CONNECT SQL 每 See Connect and Authentication
EXECUTE ANY EXTERNAL SCRIPT
CONNECT ANY DATABASE
KILL DATABASE CONNECTION
SHUTDOWN
SHUTDOWN*
UNSAFE ASSEMBLY
EXTERNAL ACCESS ASSEMBLY
VIEW DEFINITION ON DATABASE::
SUBSCRIBE QUERY NOTIFICATIONS
Notes:
UNMASK
?
public role
ALTER ON DATABASE::
ALTER ON SERVICE::
STATEMENTS:
VIEW DEFINITION ON APPLICATION ROLE::
ALTER SERVICE
DROP SERVICE
ALTER ANY DATABASE
ALTER AUTHORIZATION exists at many levels in the permission model but is
CREATE SERVICE
ALTER ON DATABASE::
ALTER ANY APPLICATION ROLE
ALTER ON APPLICATION ROLE::
CONTROL SERVER
STATEMENTS:
In both SQL Server and SQL Database the public database role does not initially have access to any user objects.
CONTROL ON REMOTE SERVICE BINDING::
CONTROL ON DATABASE::
ALTER APPLICATION ROLE
DROP APPLICATION ROLE
In SQL Server 2016, the public database role has the VIEW ANY COLUMN MASTER KEY DEFINITION and VIEW ANY
CREATE APPLICATION ROLE
COLUMN ENCRYPTION KEY DEFINITION permissions by default. They can be revoked.
VIEW DATABASE STATE
ALTER ANY DATABASE
CREATE SERVICE
The public database role has many grants to system objects, which is necessary to manage internal actions.
?
CONTROL ON APPLICATION ROLE::
ALTER AUTHORIZATION for any object might also require IMPERSONATE or
never inherited from ALTER AUTHORIZATION at a higher level.
VIEW ANY COLUMN ENCRYPTION KEY DEFINITION
VIEW SERVER STATE
VIEW ANY DEFINITION
VIEW DEFINITION ON DATABASE::
* NOTE: The SHUTDOWN statement requires the SQL Server SHUTDOWN permission. Starting, stopping, and pausing the Database
Engine from SSCM, SSMS, or Windows requires Windows permissions, not SQL Server permissions.
public role
Database Permissions 每 Schema Objects
Server Permissions
Connect and Authentication 每 Server Permissions
Database Permissions
CONTROL ON SERVER
Schema Permissions
CONTROL ON SCHEMA ::
CONTROL ON DATABASE::
db_ddladmin role
Symmetric Key Permissions
Object Permissions
Type Permissions
XML Schema Collection Permissions
CONTROL SERVER
CONTROL ON DATABASE::
ALTER ANY DATABASE
db_datareader role
db_denydatareader role
STATEMENTS:
DROP REMOTE SERVICE BINDING
CONTROL ON OBJECT|TYPE|XML SCHEMA COLLECTION ::
CREATE REMOTE SERVICE BINDING
VIEW DEFINITION ON LOGIN::
IMPERSONATE ON LOGIN::
STATEMENTS:
ALTER ON LOGIN::
EXECUTE AS
db_datawriter role
db_denydatawriter role
STATEMENTS:
VIEW ANY DEFINITION
ALTER LOGIN, sp_addlinkedsrvlogin
DROP LOGIN
SELECT ON SCHEMA::
SELECT ON OBJECT::
INSERT ON DATABASE::
INSERT ON SCHEMA::
INSERT ON OBJECT::< table |view name>
UPDATE ON DATABASE::
UPDATE ON SCHEMA::
UPDATE ON OBJECT::< table |view name>
DELETE ON SCHEMA::
DELETE ON OBJECT::< table |view name>
Note: OPEN SYMMETRIC KEY requires
EXECUTE ON DATABASE::
EXECUTE ON SCHEMA::
EXECUTE ON OBJECT|TYPE|XML SCHEMA COLLECTION::
VIEW DEFINITION permission on the
REFERENCES ON DATABASE::
REFERENCES ON SCHEMA::
REFERENCES ON OBJECT|TYPE|XML SCHEMA COLLECTION:
key (implied by any permission on the
VIEW DEFINITION ON DATABASE::
VIEW DEFINITION ON SCHEMA::
VIEW DEFINITION ON OBJECT|TYPE|XML SCHEMA COLLECTION::
key), and requires permission on the
TAKE OWNERSHIP ON DATABASE::
TAKE OWNERSHIP ON SCHEMA::
TAKE OWNERSHIP ON OBJECT|TYPE|XML SCHEMA COLLECTION::
key encryption hierarchy.
ALTER ON SCHEMA::
?
To map a login to a credential, see ALTER ANY CREDENTIAL.
?
When contained databases are enabled, users can access SQL Server without a login. See database user
CONNECT SQL
o
CONNECT for the database (if specified)
CONTROL SERVER
VIEW ANY DEFINITION
QUEUE
CREATE RULE
RULE
ALTER ANY DATABASE
SYNONYM
CREATE TABLE
(All permissions do not apply to all objects. For example
UPDATE only applies to tables and views.)
REFERENCES ON DATABASE::
REFERENCES ON CONTRACT::
TAKE OWNERSHIP ON CONTRACT::
ALTER ANY DATABASE
ALTER ON DATABASE::
ALTER ON CONTRACT::
DROP CONTRACT
CONTROL ON DATABASE::
CREATE CONTRACT
CONTROL ON ASYMMETRIC KEY::
VIEW DEFINITION ON DATABASE::
VIEW DEFINITION ON ASYMMETRIC KEY::
REFERENCES ON DATABASE::
REFERENCES ON ASYMMETRIC KEY::
ALTER ON DATABASE::
TAKE OWNERSHIP ON ASYMMETRIC KEY::
CONTROL SERVER
VIEW ANY DEFINITION
CONTROL ON DATABASE::
CONTROL ON ROUTE::
VIEW DEFINITION ON DATABASE::
VIEW DEFINITION ON ROUTE::
ALTER ON ASYMMETRIC KEY::
Note: ADD SIGNATURE requires
STATEMENTS:
CONTROL permission on the key, and
ALTER ASYMMETRIC KEY
requires ALTER permission on the
DROP ASYMMETRIC KEY
object.
CREATE ASYMMETRIC KEY
ALTER ANY DATABASE
ALTER ON DATABASE::
ALTER ANY ROUTE
ALTER ON ROUTE::
STATEMENTS:
CREATE ASYMMETRIC KEY
ALTER ROUTE
Notes:
?
To create a schema object (such as a table) you must have CREATE permission for that object type
?
?
DROP ROUTE
To drop an object (such as a table) you must have ALTER permission on the schema or CONTROL
CREATE ROUTE
permission on the object.
plus ALTER ON SCHEMA:: for the schema of the object. Might require REFERENCES ON
ALTER ENDPOINT
CONTROL SERVER
CREATE SYMMETRIC KEY
VIEW DEFINITION ON CONTRACT::
STATEMENTS:
ALTER ANY ASYMMETRIC KEY
VIEW DEFINITION ON ENDPOINT::
?
To create an index requires ALTER OBJECT:: permission on the table or view.
To alter an object (such as a table) you must have ALTER permission on the object (or schema), or
?
To create or alter a trigger on a table or view requires ALTER OBJECT:: on the table or view.
CONTROL permission on the object.
?
To create statistics requires ALTER OBJECT:: on the table or view.
CONTROL SERVER
VIEW ANY DEFINITION
CONTROL ON SERVER ROLE::
CONTROL ON SEARCH PROPERTY LIST::
CONTROL SERVER
CONTROL ON DATABASE::
CREATE ROUTE
Certificate Permissions
OBJECT:: for any referenced CLR type or XML schema collection.
Full-text Permissions
Server Role Permissions
DROP SYMMETRIC KEY
VIEW DEFINITION ON DATABASE::
TAKE OWNERSHIP ON ROUTE::
VIEW
CREATE VIEW
TAKE OWNERSHIP ON ENDPOINT::
CREATE ENDPOINT
VIEW ANY DEFINITION
ALTER SYMMETRIC KEY
TABLE
CREATE TYPE
CONNECT ON ENDPOINT::
CREATE ENDPOINT
CONTROL ON CONTRACT::
CREATE CONTRACT
PROCEDURE
CREATE QUEUE
CREATE XML SCHEMA COLLECTION
DROP ENDPOINT
STATEMENTS:
CREATE SYMMETRIC KEY
CONTROL ON DATABASE::
ALTER ON SYMMETRIC KEY::
FUNCTION
CREATE PROCEDURE
CONTROL ON ENDPOINT::
STATEMENTS:
CONTROL SERVER
DEFAULT
CREATE FUNCTION
CREATE SYNONYM
ALTER ON ENDPOINT::
TAKE OWNERSHIP ON SYMMETRIC KEY::
AGGREGATE
CREATE DEFAULT
To connect using a login you must have :
o
ALTER ON DATABASE::
Asymmetric Key Permissions
ALTER ON OBJECT|TYPE|XML SCHEMA COLLECTION::
OBJECT permissions apply to the following database objects:
CREATE AGGREGATE
permissions.
An enabled login
REFERENCES ON SYMMETRIC KEY::
ALTER ANY CONTRACT
CREATE SEQUENCE
CREATE SCHEMA
Notes:
Enabling a login (ALTER LOGIN ENABLE) is not the same as granting CONNECT SQL permission.
REFERENCES ON DATABASE::
CREATE REMOTE SERVICE BINDING
ALTER ON DATABASE::
ALTER ANY SCHEMA
?
VIEW DEFINITION ON SYMMETRIC KEY::
ALTER ANY SYMMETRIC KEY
RECEIVE ON OBJECT::
CONNECT SQL
The CREATE LOGIN statement creates a login and grants CONNECT SQL to that login.
VIEW DEFINITION ON DATABASE::
SELECT ON OBJECT::
ALTER ANY DATABASE
?
ALTER ANY DATABASE
DELETE ON DATABASE::
VIEW ANY DATABASE
CREATE LOGIN
VIEW CHANGE TRACKING ON OBJECT::
SELECT ON DATABASE::
ALTER ON REMOTE SERVICE BINDING::
ALTER REMOTE SERVICE BINDING
VIEW ANY DEFINITION
VIEW CHANGE TRACKING ON SCHEMA::
ALTER ON DATABASE::
ALTER ANY REMOTE SERVICE BINDING
CONTROL ON SYMMETRIC KEY::
CONTROL ON LOGIN::
o
VIEW DEFINITION ON REMOTE SERVICE BINDING::
TAKE OWNERSHIP ON REMOTE SERVICE BINDING::
VIEW ANY DATABASE 每 See Database Permissions 每 Schema
securityadmin role
VIEW DEFINITION ON SERVICE::
SEND ON SERVICE::
CONTROL ON DATABASE::
VIEW ANY DEFINITION
membership in a role or ALTER permission on a role.
?
VIEW ANY COLUMN MASTER KEY DEFINITION
VIEW ANY DEFINITION
?
SHOWPLAN
SELECT ALL USER SECURABLES
VIEW DEFINITION ON DATABASE::
ALTER ANY SERVICE
Notes:
STATEMENTS:
TAKE OWNERSHIP
ALTER TRACE
CONTROL ON SERVICE::
TAKE OWNERSHIP ON SERVICE::
CONTROL SERVER
STATEMENTS:
IMPERSONATE ANY LOGIN
VIEW ANY DEFINITION
Application Role Permissions
EXECUTE
VIEW ANY DEFINITION
CONTROL ON DATABASE::
BACKUP LOG
INSERT
VIEW SERVER STATE
CONTROL SERVER
members from fixed database roles.
DELETE
CREATE SERVER ROLE 每 See Server Role Permissions
ALTER SERVER STATE
NOTES: Only members of the db_owner
CREATE ROLE
fixed database role can add or remove
CONNECT REPLICATION 每 See Connect and Authentication 每 Database Permissions Chart
ALTER RESOURCES (NA. Use diskadmin role instead.)
CREATE ROLE
BACKUP DATABASE
db_backupoperator role
CHECKPOINT
CREATE/ALTER/DROP SERVER AUDIT
and SERVER AUDIT SPECIFICATION
Service Broker Permissions (SQL Server only)
DROP ROLE
Combined with TRUSTWORTHY allows delegation of authentication
AUTHENTICATE
AUTHENTICATE SERVER
DROP EXTERNAL LIBRARY
CREATE EXTERNAL LIBRARY
CREATE EXTERNAL LIBRARY
ALTER ROLE ADD MEMBER
CREATE XML SCHEMA COLLECTION
ADMINISTER DATABASE BULK OPERATIONS
CREATE ENDPOINT 每 See Connect and Authentication
ALTER ON ROLE::
STATEMENTS:
CREATE VIEW
ALTER ANY ENDPOINT 每 See Connect and Authentication
ALTER ANY EVENT NOTIFICATION
ALTER ANY ROLE
db_securityadmin role
CREATE TYPE
CREATE ANY DATABASE 每 See Top Level Database Permissions
ALTER ANY ENDPOINT
ALTER ON LIBRARY::
CREATE RULE
ALTER ANY CONNECTION
VIEW ANY DEFINITION
CONTROL ON EXTERNAL LIBRARY::
ALTER ANY USER 每 See Connect and Authentication 每 Database Permissions Chart
STATEMENTS:
STATEMENTS:
CREATE/ALTER/DROP server triggers
CREATE/ALTER/DROP server triggers
?
Database scoped DDL event notifications
Note: EVENT NOTIFICATION permissions also affect service
information about logins.
sysadmin role
ALTER ANY LOGIN
Database scoped event notifications
Granting ALTER ANY USER allows a principal to create a user based
ALTER ANY ROLE 每 See Database Role Permissions Chart
Top Level Server Permissions
VIEW ANY DEFINITION
DROP ASSEMBLY
CREATE ASSEMBLY
CREATE ASSEMBLY
ALTER ANY EVENT NOTIFICATION
When contained databases are enabled, creating a database user
?
?
ALTER ANY SERVICE 每 See Service Broker Permissions Chart
CONTROL SERVER
ALTER ON ASSEMBLY::
STATEMENTS:
ALTER ASSEMBLY
CONTROL SERVER
CREATE USER
to that user, and it can access SQL Server without a login.
ALTER ANY FULLTEXT CATALOG 每 See Full-text Permissions Chart
Server Level Permissions for SQL Server
serveradmin role
VIEW DEFINITION ON ASSEMBLY::
REFERENCES ON DATABASE::
Event Notification Permissions (SQL Server only)
NOTES:
ALTER ANY EXTERNAL LIBRARY - See EXTERNAL LIBRARY PERMISSIONS ∫
db_owner role
VIEW DEFINITION ON DATABASE::
Note:
CREATE and ALTER ASSEMBLY
statements sometimes require server
level EXTERNAL ACCESS ASSEMBLY
and UNSAFE ASSEMBLY permissions,
and can require membership in the
sysadmin fixed server role.
EXECUTE AS
CONTROL ON ASSEMBLY::
CONTROL ON DATABASE::
PARTITION & PLAN GUIDE statements
ALTER ANY EXTERNAL FILE FORMAT
db_ddladmin role
ALTER ANY LINKED SERVER
A DENY on a table is overridden by a GRANT on a column. However, a subsequent DENY on the table will remove the column GRANT.
ALTER ON DATABASE::
ALTER ANY DATASPACE
ALTER ANY REMOTE SERVICE BINDING 每 See Service Broker Permissions Chart
processadmin role
?
ALTER ANY DATABASE SCOPED CONFIGURATION ?
CREATE LOGIN
CONTROL ON DATABASE::
ADMINISTER BULK OPERATIONS
Object owners can delete them but they do not have full permissions on them.
ALTER ANY DATABASE
ALTER ON USER::
ALTER ANY CONTRACT 每 See Service Broker Permissions Chart
ALTER ANY DATABASE EVENT NOTIFICATION 每 See Event Notifications Permissions Chart
USER DATABASE
If you create
a database
ALTER ON DATABASE::
ALTER ANY DATABASE
ALTER ANY COLUMN MASTER KEY
DROP LOGIN
ALTER DATABASE
VIEW DEFINITION ON USER::
STATEMENTS:
ALTER ANY COLUMN ENCRYPTION KEY
ALTER ANY SERVER AUDIT
?
CONTROL SERVER
ALTER ANY CERTIFICATE 每 See Certificate Permissions Chart
ALTER LOGIN
dbmanager role
CREATE DATABASE
VIEW DEFINITION ON DATABASE::
VIEW ANY DEFINITION
ALTER ANY ASYMMETRIC KEY 每 See Asymmetric Key Permissions Chart
STATEMENTS:
CONTROL ON USER::
ALTER ANY ASSEMBLY 每 See Assembly Permissions Chart
Notes:
? Server-Level Principal Logins are the Server admin and Azure Active Directory
Admin accounts.
? Server-level permissions cannot be granted on SQL Database. Use the
loginmanager and dbmanager roles in the master database instead.
SQL Database permissions refer to version 12.
VIEW ANY DEFINITION
ALTER ANY APPLICATION ROLE 每 See Application Roles Permissions Chart
Azure SQL Database Permissions
Outside the Database
?
granted in the master database. For SQL Database use the dbmanager role.
ALTER ON DATABASE::
ALTER ANY DATABASE
Granting any permission on a securable allows VIEW DEFINITION on that securable. It is an implied permissions and it cannot be revoked,
** NOTE: CREATE DATABASE is a database level permission that can only be
STATEMENTS: CREATE DATABASE, RESTORE DATABASE
CREATE DATABASE **
CREATE ANY DATABASE
Permissions do not imply role memberships and role memberships do not grant permissions. (E.g. CONTROL SERVER does not imply
Assembly Permissions
CONTROL ON DATABASE::
CONTROL SERVER
STATEMENTS: DROP DATABASE
CONTROL DATABASE
?
but it can be explicitly denied by using the DENY VIEW DEFINITION statement.
Connect and Authentication 每 Database Permissions
db_owner has all permissions in the database.
The CONTROL DATABASE permission has all permissions on the database.
?
Denying a permission at any level, overrides a related grant.
How to Read this Chart
?
However, it is sometimes possible to impersonate between roles and equivalent permissions.
Sample grant statement: GRANT UPDATE ON OBJECT::Production.Parts TO PartsTeam
To remove a previously granted permission, use REVOKE, not DENY.
The CONTROL SERVER permission has all permissions on the instance of SQL Server or SQL Database.
membership in the sysadmin fixed server role. Membership in the db_owner role does not grant the CONTROL DATABASE permission.)
Database Engine Permissions
AUTHORIZATION PERMISSION ON SECURABLE::NAME TO PRINCIPAL
?
NOTES: ?
ALTER ANY DATABASE
CONTROL ON FULLTEXT STOPLIST::
CONTROL ON DATABASE::
CONTROL ON CERTIFICATE::
VIEW DEFINITION ON DATABASE::
VIEW DEFINITION ON CERTIFICATE::
REFERENCES ON DATABASE::
REFERENCES ON CERTIFICATE::
ALTER ON DATABASE::
TAKE OWNERSHIP ON CERTIFICATE::
CONTROL SERVER
VIEW ANY DEFINITION
CONTROL ON DATABASE::
CONTROL ON MESSAGE TYPE::
VIEW DEFINITION ON DATABASE::
REFERENCES ON DATABASE::
VIEW DEFINITION ON MESSAGE TYPE::
REFERENCES ON MESSAGE TYPE::
TAKE OWNERSHIP ON MESSAGE TYPE::
ALTER ANY DATABASE
ALTER ON DATABASE::
CONTROL ON FULLTEXT CATALOG::
ALTER ANY CERTIFICATE
VIEW ANY DEFINITION
VIEW DEFINITION ON SERVER ROLE::
TAKE OWNERSHIP ON SERVER ROLE::
ALTER ANY SERVER ROLE
ALTER ON SERVER ROLE::
VIEW DEFINITION ON SEARCH PROPERTY LIST::
VIEW ANY DEFINITION
VIEW DEFINITION ON DATABASE::
VIEW DEFINITION ON FULLTEXT STOPLIST::
VIEW DEFINITION ON FULLTEXT CATALOG::
STATEMENTS:
REFERENCES ON DATABASE::
DROP SERVER ROLE
ALTER MESSAGE TYPE
DROP MESSAGE TYPE
CREATE CERTIFICATE
REFERENCES ON FULLTEXT STOPLIST::
TAKE OWNERSHIP ON FULLTEXT CATALOG::
NOTES: To add a member to a fixed server role, you must be a member of
TAKE OWNERSHIP ON FULLTEXT STOPLIST::
TAKE OWNERSHIP ON SEARCH PROPERTY LIST::
Database Scoped Credential Permissions ?
that fixed server role, or be a member of the sysadmin fixed server role.
ALTER ANY DATABASE
CONTROL SERVER
ALTER ON DATABASE::
CONTROL SERVER
ALTER ANY FULLTEXT CATALOG
ALTER ON FULLTEXT CATALOG::
CONTROL ON AVAILABILITY GROUP::
VIEW ANY DEFINITION
STATEMENTS:
ALTER FULLTEXT CATALOG
STATEMENTS:
ALTER FULLTEXT STOPLIST
CREATE FULLTEXT STOPLIST
VIEW DEFINITION ON AVAILABILITY GROUP::
TAKE OWNERSHIP ON AVAILABILITY GROUP::
ALTER ON AVAILABILITY GROUP::
STATEMENTS:
DROP FULLTEXT CATALOG
ALTER AVAILABILITY GROUP
DROP FULLTEXT STOPLIST
DROP AVAILABILITY GROUP
DROP FULLTEXT SEARCH PROPERTYLIST
CREATE AVAILABILITY GROUP
VIEW DEFINITION ON DATABASE::
VIEW DEFINITION ON DATABASE SCOPED CREDENTIAL :: ?
REFERENCES ON DATABASE::
REFERENCES ON DATABASE SCOPED CREDENTIAL :: ?
TAKE OWNERSHIP ON DATABASE SCOPED CREDENTIAL :: ?
STATEMENTS:
ALTER SEARCH PROPERTY LIST
CREATE SEARCH PROPERTY LIST
CREATE MESSAGE TYPE
CREATE MESSAGE TYPE
CREATE QUEUE
Notes:
? The user executing the CREATE CONTRACT statement must have REFERENCES permission on
all message types specified.
? The user executing the CREATE SERVICE statement must have REFERENCES permission on
the queue and all contracts specified.
? To execute the CREATE or ALTER REMOTE SERVICE BINDING the user must have
impersonate permission for the principal specified in the statement.
? When the CREATE or ALTER MESSAGE TYPE statement specifies a schema collection, the user
executing the statement must have REFERENCES permission on the schema collection
specified.
? See the ALTER ANY EVENT NOTIFICATION chart for more permissions related to Service
Broker.
? See the SCHEMA OBJECTS chart for QUEUE permissions.
? The ALTER CONTRACT permission exists but at this time there is no ALTER CONTRACT
statement.
Questions and comments to
ALTER ON DATABASE SCOPED CREDENTIAL :: ?
STATEMENTS:
STATEMENTS:
CREATE AVAILABILITY GROUP
CONTROL ON DATABASE SCOPED CREDENTIAL:: ?
ALTER ON FULLTEXT STOPLIST::
CREATE FULLTEXT CATALOG
ALTER ANY AVAILABILITY GROUP
CONTROL ON DATABASE::
ALTER ON SEARCH PROPERTY LIST::
CREATE FULLTEXT CATALOG
VIEW ANY DEFINITION
STATEMENTS:
ALTER CERTIFICATE
REFERENCES ON FULLTEXT CATALOG::
CREATE SERVER ROLE
Availability Group Permissions
ALTER ON MESSAGE TYPE::
STATEMENTS:
DROP CERTIFICATE
CREATE CERTIFICATE
ALTER ANY MESSAGE TYPE
REFERENCES ON SEARCH PROPERTY LIST::
ALTER SERVER ROLE ADD MEMBER
CREATE SERVER ROLE
Note: ADD SIGNATURE requires
CONTROL permission on the certificate,
and requires ALTER permission on the
object.
ALTER ON CERTIFICATE::
ALTER DATABASE SCOPED CREDENTIAL ?
Notes:
?
Creating a full-text index requires ALTER permission on the table and REFERENCES permission on the full-text catalog.
?
Dropping a full-text index requires ALTER permission on the table.
DROP DATABASE SCOPED CREDENTIAL ?
CREATE DATABASE SCOPED CREDENTIAL ?
February 28, 2018
? 2018 Microsoft Corporation. All rights reserved.
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related download
- views stored procedures functions and triggers
- notes microsoft sql server 2017 and azure sql database
- chapter 8 advanced sql
- sql tutorialspoint
- sql server standards illinois state board of education
- extension to sql view triggers cursor
- sql triggers views indexes
- using sas views and sql views
- sql server quick guide basic syntax and examples for
Related searches
- azure sql database hyperscale
- azure sql database version
- azure sql server hyperscale
- azure sql database paas
- azure sql server timezone
- azure sql database timezone
- azure sql database versions
- azure sql server versions
- azure sql database ms managed instance
- microsoft sql server query syntax
- install microsoft sql server 2016
- azure sql database best practices