Events
Mar 31, 11 PM - Apr 2, 11 PM
The ultimate SQL, Power BI, Fabric, and AI community-led event. March 31 - April 2. Use code MSCUST for a $150 discount.
Register todayThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Applies to:
SQL Server
Azure SQL Database
Azure SQL Managed Instance
Azure Synapse Analytics
Analytics Platform System (PDW)
SQL database in Microsoft Fabric
The Database Engine manages a hierarchical collection of entities that can be secured with permissions. These entities are known as securables. The most prominent securables are servers and databases, but discrete permissions can be set at a much finer level. SQL Server regulates the actions of principals on securables by verifying that they have been granted appropriate permissions.
The following illustration shows the relationships among the Database Engine permissions hierarchies.
The permissions system works the same in all versions of SQL Server, SQL Database, SQL database in Microsoft Fabric, Azure Synapse Analytics, Analytics Platform System, however some features are not available in all versions. For example, server-level permission cannot be configured in Azure products.
For a poster sized chart of all Database Engine permissions in pdf format, see https://aka.ms/sql-permissions-poster.
Permissions can be manipulated with the familiar Transact-SQL queries GRANT, DENY, and REVOKE. Information about permissions is visible in the sys.server_permissions and sys.database_permissions catalog views. There is also support for querying permissions information by using built-in functions.
For information about designing a permissions system, see Getting Started with Database Engine Permissions.
Securing SQL Server
Permissions (Database Engine)
Securables
Principals (Database Engine)
GRANT (Transact-SQL)
REVOKE (Transact-SQL)
DENY (Transact-SQL)
HAS_PERMS_BY_NAME (Transact-SQL)
sys.fn_builtin_permissions (Transact-SQL)
sys.server_permissions (Transact-SQL)
sys.database_permissions (Transact-SQL)
Events
Mar 31, 11 PM - Apr 2, 11 PM
The ultimate SQL, Power BI, Fabric, and AI community-led event. March 31 - April 2. Use code MSCUST for a $150 discount.
Register todayTraining
Learning path
Manage permissions and administration for Microsoft Dataverse - Training
Do you need to manage user access rights? In this learning path, you will learn how to manage permissions associated with environments and entities. You will also learn about different administrative portals and how to access each.
Certification
Microsoft Certified: Azure Database Administrator Associate - Certifications
Administer an SQL Server database infrastructure for cloud, on-premises and hybrid relational databases using the Microsoft PaaS relational database offerings.