Site sponsored by: Idera The gold standard of SQL Server performance monitoring & diagnostics.
SQL Server Performance

  • Home
  • Articles
  • Forums
  • Tips
  • Quiz
  • FAQ's
  • Blogs
  • Software
  • Books
  • About Us
RSS Feeds
Sign in | Join


Article Topics

All Articles
Performance Tuning
Audit
Business Intelligence
Clustering
Reporting Services
Developer
General DBA
ASP.NET / ADO.NET

Write for Us

Share your SQL Server knowledge with others and raise your profile in the community More...
Latest Articles

Recover Data Using Database Snapshots
Analyze and Fix Index Fragmentation in SQL Server 2008
Powerful Geographical Visualisations made easy with SQL 2008 Spatial (Part 2) ...
Backup User Databases Using a Maintenance Plan

More     
 
Latest FAQ's

How to alter a User Defined Data Type?
How to unzip a File in SSIS?
How to view previous query plans?
ALTER TABLE SWITCH statement failed because the object '%.*ls' is not ...

More     
   
Latest Software Reviews

Spotlight on ApexSQL Doc 2008
ApexSQL Enforce
Embarcadero Change Manager
SQL Server DBA Dashboard

More     
articles >> general dba >> Auditing Your SQL Server Environment, Part II ...

Auditing Your SQL Server Environment, Part II (Reviewing Role Memberships)

By : Randy Dyess
May 23, 2002

Page 2 / 3

Roles and Replication

sysadmin This role can enable, modify, or drop distributors, publishers, and subscribers; create, drop, or modify a publication and its properties; create or delete a push or pull subscription; update a PAL (publication access list); enable snapshots for FTP downloading using the Internet; configure agent profiles; monitor replication agents; configure agent profiles; cleanup replication tasks; and schedule replication jobs.
db_owner This role can create or drop, create or modify a publication or its properties; create or delete a pull or push subscription; update a PAL; enable snapshots for FTP downloading using the Internet; cleanup replication tasks; and schedule replication jobs.
 
 

Managing SQL Server Fixed Roles

Several objects exist to aid in the management of fixed SQL Server roles. While you cannot drop fixed roles or drop default role permissions, you can add and delete role members (except for the public database role) and view the permissions assigned to the roles.
 

Fixed Server Roles

sp_addsrvrolemember
 System stored procedure that adds a login as a member of a fixed server role. Permissions default to members of the sysadmin server role that can add members to any fixed server role, and members of a fixed server role to add members only to the same fixed server role.
sp_dropsrvrolemember
 System stored procedure that removes a SQL Server login or a Windows NT user or group from a fixed server role. Permissions default to members of sysadmin fixed server role to remove members of any server role and members each server role that can remove other members of the same server role. Permissions are not transferable.
sp_helpsrvrolemember
 System stored procedure that returns information about the members of a SQL Server fixed server role.
sp_srvrolepermission
 System stored procedure that returns the permissions applied to a fixed server role.
sp_helpsrvrole
 System stored procedure that returns a list of the SQL Server fixed server roles.
IS_SRVROLEMEMBER Security function that returns an integer indicating whether the current user login is a member of the specified server role.
 
 

Fixed Database Roles

sp_addrolemember
 System stored procedure that adds a security account as a member of an existing SQL Server database role in the current database. Permissions default to members of the sysadmin server role and the db_owner database role to add members to fixed database roles or user-defined roles. Owners of user-defined roles can add members to the roles they own and members of the db_securityadmin database role can add users to any user-defined role.
sp_droprolemember
 System stored procedure that removes a security account from a SQL Server role in the current database. Permissions default to members of the sysadmin server role and the db_owner and db_securityadmin database and are not transferable and only a member of the sysadmin> fixed server role or the db_owner fixed database role can remove users from a fixed database role.
 
sp_dbfixedrolepermission
 System stored procedure that displays the permissions for each fixed database role.
sp_helpdbfixedrole
 System stored procedure that returns a list of the fixed database roles.
sp_helprole
 System stored procedure that returns information about the roles in the current database.
IS_MEMBER Security function that returns an integer indicating whether the current user is a member of the specified NT group or SQL Server role.
 
 

Managing User-Defined SQL Server Roles

SQL Server gives administrators the ability to create their own roles so they can batch logins and define object permissions according to their project needs. Often, when you inherit a SQL Server installation and project, you will find a mixture of individual SQL Server logins and roles. Managing this mixture can often become a daunting task. SQL Server provides you with a group of system stored procedures and functions that can help you with this task.

sp_addrole
 System stored procedure that creates a new SQL Server role in the current database. Permissions default to members of the sysadmin server role, and the db_securityadmin and db_owner database roles and are not transferable.
sp_droprole
 System stored procedure that removes a SQL Server role from the current database. Permissions default to members of the sysadmin server role, the db_owner and db_securityadmin database roles, or the owner of the role and are not transferable.
sp_addrolemember
 System stored procedure that adds a security account as a member of an existing SQL Server database role in the current database. Permissions default to members of the sysadmin server role and the db_owner database role to add members to fixed database roles or user-defined roles. Owners of user-defined roles can add members to the roles they own and members of the db_securityadmin database role can add users to any user-defined role.
sp_droprolemember
 System stored procedure that removes a security account from a SQL Server role in the current database. Permissions default to members of the sysadmin server role and the db_owner and db_securityadmin database and are not transferable and only a member of the sysadmin fixed server role or the db_owner fixed database role can remove users from a fixed database role.
sp_helprole
 System stored procedure that returns information about the roles in the current database.
 
sp_helpuser
 System stored procedure that reports information about SQL Server users, Windows NT users, and database roles in the current database.
IS_MEMBER Security function that returns an integer indicating whether the current user is a member of the specified NT group or SQL Server role.

 


<< Prev Page     Next Page>>    







Home | Peformance Articles | Audit Articles | Business Intelligence Articles | Clustering Articles | Developer Articles | Reporting Services Articles | DBA Articles | ASP.NET / ADO.NET Articles | DBA FAQ's | Developer Peformance FAQ's | DBA Peformance FAQ's | Developer FAQ's | Clustering FAQ's | Error Messages | Audit Tool Reviews | Backup Tool Reviews | Coding Tool Reviews | Compare Tool Reviews | Documentation Tool Reviews | Design Tool Reviews | Monitoring Tool Reviews | Log Tool Reviews | Reporting Tool Reviews | Clustering Tool Reviews | Security Tool Reviews | Change Management Tool Reviews | Remote Access Tool Reviews | Book Reviews | Security Tool Reviews | QDPMA Performance Tuning | ADO.NET / ASP.NET | Administration | Analysis/OLAP Services | Application Development | Configuration | Components | ETL | Hardware | High Availability | Hints | Index | Misc | Operating Systems | Performance Tuning | Replication | T-SQL | Views


              © 1999-2008 by T10 Media. All rights reserved