Share via


Permissions Hierarchy (Database Engine)

The Database Engine manages a hierarchical collection of entities that can be secured with permissions. These entities are known as securables. The most prominent securables are servers and databases, but discrete permissions can be set at a much finer level. SQL Server regulates the actions of principals on securables by verifying that they have been granted appropriate permissions.

The following illustration shows the relationships among the Database Engine permissions hierarchies.

Diagram of Database Engine permissions hierarchies

Chart of SQL Server Permissions

For a poster sized chart of all Database Engine permissions in pdf format, see https://go.microsoft.com/fwlink/?LinkId=229142.

Working with Permissions

Permissions can be manipulated with the familiar Transact-SQL queries GRANT, DENY, and REVOKE. Information about permissions is visible in the sys.server_permissions and sys.database_permissions catalog views. There is also support for querying permissions information by using built-in functions.

See Also

Reference

GRANT (Transact-SQL)

REVOKE (Transact-SQL)

DENY (Transact-SQL)

HAS_PERMS_BY_NAME (Transact-SQL)

sys.fn_builtin_permissions (Transact-SQL)

sys.server_permissions (Transact-SQL)

sys.database_permissions (Transact-SQL)

Concepts

Securing SQL Server

Permissions (Database Engine)

Securables

Principals (Database Engine)