Events
Mar 31, 11 PM - Apr 2, 11 PM
The biggest SQL, Fabric and Power BI learning event. March 31 – April 2. Use code FABINSIDER to save $400.
Register todayThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Applies to:
SQL Server
Azure SQL Database
Azure SQL Managed Instance
Azure Synapse Analytics
Analytics Platform System (PDW)
SQL database in Microsoft Fabric
The Database Engine manages a hierarchical collection of entities that can be secured with permissions. These entities are known as securables. The most prominent securables are servers and databases, but discrete permissions can be set at a much finer level. SQL Server regulates the actions of principals on securables by verifying that they have been granted appropriate permissions.
The following illustration shows the relationships among the Database Engine permissions hierarchies.
The permissions system works the same in all versions of SQL Server, SQL Database, SQL database in Microsoft Fabric, Azure Synapse Analytics, Analytics Platform System, however some features are not available in all versions. For example, server-level permission cannot be configured in Azure products.
For a poster sized chart of all Database Engine permissions in pdf format, see https://aka.ms/sql-permissions-poster.
Permissions can be manipulated with the familiar Transact-SQL queries GRANT, DENY, and REVOKE. Information about permissions is visible in the sys.server_permissions and sys.database_permissions catalog views. There is also support for querying permissions information by using built-in functions.
For information about designing a permissions system, see Getting Started with Database Engine Permissions.
Securing SQL Server
Permissions (Database Engine)
Securables
Principals (Database Engine)
GRANT (Transact-SQL)
REVOKE (Transact-SQL)
DENY (Transact-SQL)
HAS_PERMS_BY_NAME (Transact-SQL)
sys.fn_builtin_permissions (Transact-SQL)
sys.server_permissions (Transact-SQL)
sys.database_permissions (Transact-SQL)
Events
Mar 31, 11 PM - Apr 2, 11 PM
The biggest SQL, Fabric and Power BI learning event. March 31 – April 2. Use code FABINSIDER to save $400.
Register todayTraining
Module
Secure data access in Microsoft Fabric - Training
Learn the key concepts and strategies for securing data access in Microsoft Fabric.
Certification
Microsoft Certified: Azure Database Administrator Associate - Certifications
Administer an SQL Server database infrastructure for cloud, on-premises and hybrid relational databases using the Microsoft PaaS relational database offerings.
Documentation
Get started with Database Engine permissions - SQL Server
Review some basic security concepts in SQL Server and learn about a typical implementation of Database Engine permissions.
Learn about the securable scopes, which the SQL Server Database Engine authorization system uses to regulate access to securables.
Application Roles - SQL Server
Use application roles to enable access to data only for those users who connect through a specific application in SQL Server.