Learn SQL Concepts

All Kinds of topics related to Transact SQL, SQL Server Database Administration, SQL Server Query Optimization, SQL Server Trouble Shooting.

Friday, April 21, 2017

How to assign a specific set of permissions on the SQL Server instance to a SQL Server login.

           , , ,      No comments   

Problem: How to assign a specific set of permissions on the SQL Server instance to a SQL Server login.

Solution: Server Roles

Server roles enable you to simplify the assignment of permissions at the database instance level. Although it is possible to assign permissions to SQL logins, this can be difficult to manage in all but the smallest environments. Permissions are assigned to server roles rather than to individual SQL logins. To grant a set of permissions to a specific SQL login, add the login to a server role. SQL Server 2012 ships with nine built-in server roles. These built-in server roles are fixed and, other than the public role, it is not possible to modify the permissions assigned to these roles. In SQL Server 2012, you can modify the permissions assigned to a new type of server role known as a user-defined server role.


The nine-fixed server-level roles are as follows:
  1.       sysadmin Role members can perform all activities possible on the Database Engine instance. You specify initial membership of this role when performing installation of the Database Engine feature.
  2.          serveradmin Role members can perform instance-wide configuration tasks. Members of this role can shut down the instance.
  3.        securityadmin Assign this role to logins that must be able to manage instance-level permissions. Because this role can configure permissions at the instance level, membership in this role allows the elevation of privileges on logins and user-defined server roles to the equivalent of those assigned to the sysadmin fixed server role.
  4.         processadmin Role members can terminate processes running on a Database Engine instance.
  5.          setupadmin Role members can add linked servers to and remove linked servers from the Database Engine instance.
  6.         bulkadmin Assign this role to logins that you want to allow to use the BULK INSERT statement on databases hosted on an instance.
  7.            diskadmin Role members can manage instance-related files.
  8.         dbcreator Role members can create, alter, drop, and restore databases hosted on the Database Engine instance.
  9.        public All SQL Server logins are members of this role. You can alter the permissions assigned to this role, but you cannot alter the membership of the role.


Below is the image of how this set of server roles are mapped in each permissions. Picture is used from Microsoft reference.




Example: In this example, I would like to show we can add a login to a server role using ssms and T-SQL.
Step 1: Connect to the database engine and go to the server roles folder of the instance and double click on the role you want to assign to the login and Click Add button.


Step 2: Browse the login you want to add and click OK.




T-SQL: The below line of code will do the same as we did from management studio.
ALTER SERVER ROLE [sysadmin] ADD MEMBER [sql_user]



0 comments:

Post a Comment

Certifications

Total Pageviews

Blog Archive

Popular Posts

Categories

SQL (31) T-SQL (20) Stored Procedures (10) Performance gains (9) Database (8) DDL (6) SysObjects (6) DML (5) Delete (5) Execution plans (5) Functions (5) Update (5) rows (5) statistics (5) Configurations (4) RESTORE (4) columns (4) execute (4) group by (4) Alter Schema (3) Backup (3) Change Tracking (3) DBCC (3) JOINS (3) SQL SERVER AGENT (3) Transform (3) XML (3) batchexecution (3) count (3) details (3) dynamicSQL (3) partitions (3) query (3) ALerts (2) BREAK (2) CASE (2) ClusteredIndex (2) Command line (2) Conditional Execution (2) ControlFlow (2) Create Schema (2) DATE FORMAT (2) DBCC_SHOW_STATISTICS (2) ENCRYPTION (2) Error Logging (2) FOR XML (2) GOTO (2) Insert (2) Maintainance Statements (2) NonClusteredIndex (2) Optimize (2) PARAMETERS (2) RAISERROR (2) SELECT (2) SET OPERATORS (2) SHRINK LOG (2) SHRINKFILE (2) SQL SERVER (2) Sp's (2) Sp_configure (2) Union (2) Views (2) constriants. (2) execution requests (2) export (2) flatfile (2) foriegn keys (2) format (2) full (2) full text search (2) log (2) merge (2) objetcs (2) output (2) properties (2) script execution (2) sessions (2) sqlcmd (2) sum (2) sys storedprocedures (2) table Hints (2) @@SPID (1) ALTER VIEW (1) AVG (1) Application Refresh with latest data. (1) Audit data (1) AuditActions (1) BCP (1) BEGIN TRANSACTION (1) CAST (1) CHECK OPTION (1) CHECKSUM (1) COLUMNPROPERTY (1) CONNECTION INFORMATION (1) CONTINUE (1) CONVERT (1) CREATE VIEW (1) CROSS APPLY (1) CTE (1) CUSTOM SYSTEM MESSAGE (1) Change columns (1) Charindex (1) Combine Results (1) Conditional filter (1) Contains (1) Create Type (1) Create steps (1) Cursors (1) Custom ERROR Message (1) DATEADD (1) DATEDIFF (1) DB Mail (1) DELAY (1) DIFFERENCE (1) DML TRIGGERS (1) DROP VIEW. (1) Data generator (1) DataTypes (1) Database backup file results (1) Differential (1) Disable change tracking (1) ERRORMESSAGE (1) EXCEPT (1) EXISTS (1) EXPLICIT (1) EXTENDED STORED PROCEDURES (1) Email Operators (1) Errorstate (1) Exception Handling (1) Execute at a time (1) FILELIST ONLY (1) FOR INSERT (1) FORMATMESSAGE (1) FULL OUTER JOIN (1) Full text catalog (1) Full text indexing (1) GLOBAL (1) GUID (1) IF EXISTS (1) IFEXISTS (1) INNER JOIN (1) INTERSECT (1) In-Memory tables (1) Index (1) Index seek (1) Indexes (1) Information_schema.Columns (1) Inner query (1) Jobs (1) Join (1) LEFT OUTER JOIN (1) LOCAL (1) MAXDOP (1) Mail Account (1) Mail Profile (1) MailProfile (1) Memory-Optimized-tables (1) Multiple rows into one row. (1) NameReverese (1) Nested SQL Select (1) Nested stored procedure (1) Notifications (1) OPENXML (1) OUTER JOIN (1) OVER (1) Operator (1) PIVOT (1) Production version (1) Purge History records (1) REGISTRY (1) RETURN (1) RIGHT OUTER JOIN (1) ROLLBACK TRANSACTION (1) ROW_NUMBER (1) Recompile (1) Recursion (1) Recursive CTE (1) SCHEMABINDING (1) SERVER WIDE (1) SHRINK DATA FILE (1) SOUDNEX (1) SPID (1) SQL SERVER AGENT JOB Errors (1) SQL SERVER AGENT JOB History (1) SQL SERVER AGENT JOB Steps (1) SQL SERVER SESSION (1) SQLPERF (1) SQL_VARIANT (1) SYSTEMFUNCTIONS (1) Scalar valued Functions (1) Schedule Jobs (1) Send Db email (1) Sp_add_alert (1) Sp_refreshview (1) Sp_rename (1) Sp_update_alert (1) StringConcatenation (1) SubQueries (1) Substring (1) Sys.Columns (1) Sys.Index_columns (1) THROW (1) TIME (1) TIME ZONE INFO (1) TRY CATCH (1) Table valued Functions (1) Temp Objects (1) Temporary Table (1) TestData (1) TextSearch (1) TimeStamp (1) Transaction locks (1) Triggers (1) UNION ALL (1) UNPIVOT (1) VIEW_METADATA (1) Validations. (1) WAITFOR (1) WHERE (1) WHERE EXISTS (1) WHILE LOOP (1) XML AUTO (1) XML EXPLICIT (1) XML PATH (1) XML RAW (1) XML to SQL (1) advantages (1) backupdate (1) backupversion (1) catalogviews (1) change versions (1) cmdshell (1) compatibility (1) create statistics (1) csv (1) database mail (1) database version (1) datetime (1) defaultconstraints (1) defragment indexes (1) disadvantages (1) distinct (1) exit from code. (1) extract xml (1) getdate() (1) getutcdate() (1) header (1) index fragmentation (1) index scan (1) index usage (1) latch (1) like (1) locks (1) logical operators (1) looping (1) mail log (1) missing indexes (1) multiple columns (1) non-schema bounded views (1) pages fullness (1) phone number (1) predicates (1) query text (1) re organize (1) rebuild (1) sp_executesql (1) sp_lock (1) sp_recompile (1) statastics (1) sys (1) tenses of a verb (1) update metadata (1) update statistics (1) user-defined system error (1) user-defined table type (1) wait (1) xls (1) xp_cmdshell (1)

Thank you!

Thanks for viewing the blog, hope you got what you are looking for. Please post a comment if you need some more information..
~Mahesh Sambu