MS SQL Server 2012 - DBA Articles
Principals and Permissions Hierarchy
Principals of Database Engine
Principals are entities that can request SQL Server resources. Like other components of the SQL Server authorization model, principals can be arranged in a hierarchy. The scope of influence of a principal depends on the scope of the definition of the principal: Windows, server, database; and whether the principal is indivisible or a collection. A Windows Login is an example of an indivisible principal, and a Windows Group is an example of a principal that is a collection. Every principal has a security identifier (SID).
Windows-level principals
01. Windows Domain Login
02. Windows Local Login
SQL Server-level principals
01. SQL Server Login
02. Server Role
Database-level principals
01. Database User
02. Database Role
03. Application Role
Permissions Hierarchy of Database Engine
The Database Engine manages a hierarchical collection of entities that can be secured with permissions. These entities are known as securables. The most prominent securables are servers and databases, but discrete permissions can be set at a much finer level. SQL Server regulates the actions of principals on securables by verifying that they have been granted appropriate permissions.
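The following T-SQL is an added example, not part of the original article. It walks the principal hierarchy and the permissions described above using the standard catalog views, run in the database under review; the `CREATE TABLE` check at the end is only a sample permission.

```sql
-- 1. Server-level principals: logins and server roles, each with its SID.
SELECT sp.name, sp.type_desc, sp.sid, sp.is_disabled
FROM sys.server_principals AS sp
WHERE sp.type IN ('S', 'U', 'G', 'R')  -- SQL login, Windows login, Windows group, server role
ORDER BY sp.type_desc, sp.name;

-- 2. Database-level principals, matched to a server login by SID.
--    A user whose SID matches no login may be orphaned, a contained or
--    loginless user, or a built-in user such as guest: review each one.
SELECT dp.name AS database_principal, dp.type_desc, dp.sid,
       sp.name AS server_login,
       CASE WHEN dp.type IN ('S', 'U', 'G') AND sp.sid IS NULL
            THEN 'no login with this SID' ELSE '' END AS note
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE dp.type IN ('S', 'U', 'G', 'R', 'A')  -- users, Windows groups, roles, application roles
ORDER BY dp.type_desc, dp.name;

-- 3. Collections: which principals are members of which database roles.
SELECT r.name AS role_name, m.name AS member_name, m.type_desc AS member_type
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
ORDER BY r.name, m.name;

-- 4. Explicit GRANT/DENY entries on database, schema and object securables.
SELECT pr.name AS grantee, pe.state_desc, pe.permission_name, pe.class_desc,
       CASE pe.class
            WHEN 0 THEN DB_NAME()                          -- DATABASE
            WHEN 1 THEN OBJECT_SCHEMA_NAME(pe.major_id)
                        + '.' + OBJECT_NAME(pe.major_id)   -- OBJECT_OR_COLUMN
            WHEN 3 THEN SCHEMA_NAME(pe.major_id)           -- SCHEMA
       END AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
ORDER BY pr.name, pe.class_desc, pe.permission_name;

-- 5. Effective permissions of the current principal on the database,
--    after role membership and DENY have been taken into account.
SELECT permission_name
FROM sys.fn_my_permissions(NULL, 'DATABASE')
ORDER BY permission_name;

SELECT HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'CREATE TABLE') AS can_create_table;
```

The catalog views return only the rows the caller is allowed to see, so run the queries as a sufficiently privileged login to get a complete picture.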
The following illustration shows the relationships among the Database Engine permissions hierarchies.