MS SQL Server 2012 - DBA Articles

Principals and Permissions Hierarchy



Principals of Database Engine

Principals are entities that can request SQL Server resources. Like other components of the SQL Server authorization model, principals can be arranged in a hierarchy. The scope of influence of a principal depends on the scope of its definition (Windows, server, or database) and on whether the principal is indivisible or a collection. A Windows Login is an example of an indivisible principal, and a Windows Group is an example of a principal that is a collection. Every principal has a security identifier (SID).

Windows-level principals

    01. Windows Domain Login
    02. Windows Local Login

SQL Server-level principals

    01. SQL Server Login
    02. Server Role

Database-level principals

    01. Database User
    02. Database Role
    03. Application Role

Permissions Hierarchy of Database Engine

The Database Engine manages a hierarchical collection of entities that can be secured with permissions. These entities are known as securables. The most prominent securables are servers and databases, but discrete permissions can be set at a much finer level. SQL Server regulates the actions of principals on securables by verifying that they have been granted appropriate permissions.
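
The principal levels and the permissions on securables described above can be inspected through the catalog views. The following T-SQL is an added example, not part of the original article; it is read-only and assumes it is run in the database being reviewed.

```sql
-- Added example (not from the original article): read-only audit queries.
-- Results are filtered by metadata visibility, so a low-privileged login
-- sees only a subset of the principals and permissions.

-- 1. Server-level principals: Windows logins and groups, SQL Server logins, server roles.
SELECT sp.name, sp.type_desc, sp.sid, sp.is_disabled
FROM sys.server_principals AS sp
WHERE sp.type IN ('U', 'G', 'S', 'R')  -- Windows login, Windows group, SQL login, server role
ORDER BY sp.type_desc, sp.name;

-- 2. Database users matched to a server login through the shared SID.
--    A NULL login_name means no login with that SID exists on this instance
--    (user without login, access through a Windows group, or an orphaned user).
SELECT dp.name      AS database_user,
       dp.type_desc AS user_type,
       sp.name      AS login_name,
       sp.type_desc AS login_type
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE dp.type IN ('S', 'U', 'G')       -- SQL user, Windows user, Windows group
ORDER BY dp.type_desc, dp.name;

-- 3. Database roles and application roles defined in this database.
SELECT dp.name, dp.type_desc, dp.is_fixed_role
FROM sys.database_principals AS dp
WHERE dp.type IN ('R', 'A')            -- database role, application role
ORDER BY dp.type_desc, dp.name;

-- 4. Permissions held by each database principal, grouped by securable class.
SELECT pr.name      AS grantee,
       pr.type_desc AS grantee_type,
       pe.state_desc,                  -- GRANT, GRANT_WITH_GRANT_OPTION, DENY
       pe.permission_name,
       pe.class_desc,                  -- DATABASE, SCHEMA, OBJECT_OR_COLUMN, ...
       CASE pe.class
            WHEN 0 THEN DB_NAME()
            WHEN 1 THEN OBJECT_SCHEMA_NAME(pe.major_id) + '.' + OBJECT_NAME(pe.major_id)
            WHEN 3 THEN SCHEMA_NAME(pe.major_id)
       END          AS securable       -- NULL for classes not resolved here
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
ORDER BY pe.class_desc, securable, grantee;
```

Query 4 covers only database-scoped securables; server-scoped permissions are listed in sys.server_permissions, keyed to sys.server_principals in the same way.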

The following illustration shows the relationships among the Database Engine permissions hierarchies.



More reference URLs:

http://msdn.microsoft.com/en-us/library/ms181127%28v=sql.110%29.aspx
http://msdn.microsoft.com/en-us/library/ms191465%28v=sql.110%29.aspx
