contained database authentication Server Configuration Option
Use the contained database authentication option to enable contained databases on the instance of SQL Server Database Engine.
This server option allows you to control contained database authentication.
When contained database authentication is off (0) for the instance, contained databases cannot be created, or attached to the Database Engine.
When contained database authentication is on (1) for the instance, contained databases can be created, or attached to the Database Engine.
A contained database includes all database settings and metadata required to define the database and has no configuration dependencies on the instance of the Database Engine where the database is installed. Users can connect to the database without authenticating a login at the Database Engine level. Isolating the database from the Database Engine makes it possible to easily move the database to another instance of SQL Server. Including all the database settings in the database enables database owners to manage all the configuration settings for the database. For more information about contained databases, see Contained Databases.
If an instance of SQL Server has any contained databases the contained database authentication setting can be set to 0 by using the RECONFIGURE WITH OVERRIDE statement. Setting contained database authentication to 0 will disable contained database authentication for the contained databases.
Contained databases allow users with the ALTER ANY USER permission, such as database owners, to authorize new users of the database. This reduces the access control of the sysadmin fixed server role. Before allowing contained databases, you should understand the risks associated with contained databases. For more information, see Security Best Practices with Contained Databases.