Managing Users, Roles, and Logins
In SMO, logins are represented by the Login object. When the logon exists in SQL Server, it can be added to a server role. The server role is represented by the ServerRole object. The database role is represented by the DatabaseRole object and the application role is represented by the ApplicationRole object.
Privileges associated with the server level are listed as properties of the ServerPermission object. The server level privileges can be granted to, denied to, or revoked from individual logon accounts.
Every Database object has a UserCollection object that specifies all users in the database. Each user is associated with a logon. One logon can be associated with users in more than one database. The Login object's EnumDatabaseMappings method can be used to list all users in every database that is associated with the logon. Alternatively, the User object's Login property specifies the logon that is associated with the user.
SQL Server databases also have roles that specify a set of database level privileges that let a user perform specific tasks. Unlike server roles, database roles are not fixed. They can be created, modified, and removed. Privileges and users can be assigned to a database role for bulk administration.