Server-Level Roles Home
SQL Server 2008 Books Online (October 2009)
Server-Level Roles

To easily manage the permissions on your server, SQL Server provides several roles, which are security principals that group other principals. Roles are like groups in the Microsoft Windows operating system.

Server-level roles are also named fixed server roles because you cannot create new server-level roles. Server-level roles are server-wide in their permissions scope.

You can add SQL Server logins, Windows accounts, and Windows groups into server-level roles. Each member of a fixed server role can add other logins to that same role.

The following table shows the server-level roles and their capabilities.

Server-level role name Description

sysadmin

Members of the sysadmin fixed server role can perform any activity in the server.

serveradmin

Members of the serveradmin fixed server role can change server-wide configuration options and shut down the server.

securityadmin

Members of the securityadmin fixed server role manage logins and their properties. They can GRANT, DENY, and REVOKE server-level permissions. They can also GRANT, DENY, and REVOKE database-level permissions. Additionally, they can reset passwords for SQL Server logins.

processadmin

Members of the processadmin fixed server role can end processes that are running in an instance of SQL Server.

setupadmin

Members of the setupadmin fixed server role can add and remove linked servers.

bulkadmin

Members of the bulkadmin fixed server role can run the BULK INSERT statement.

diskadmin

The diskadmin fixed server role is used for managing disk files.

dbcreator

Members of the dbcreator fixed server role can create, alter, drop, and restore any database.

public

Every SQL Server login belongs to the public server role. When a server principal has not been granted or denied specific permissions on a securable object, the user inherits the permissions granted to public on that object. Only assign public permissions on any object when you want the object to be available to all users.

For specific information about server-level role permissions, see .Permissions of Fixed Server Roles (Database Engine).

Working with Server-Level Roles

The following table explains the commands, views and functions for working with server-level roles.

Feature Type Description

sp_helpsrvrole (Transact-SQL)

Metadata

Returns a list of server-level roles.

sp_helpsrvrolemember (Transact-SQL)

Metadata

Returns information about the members of a server-level role.

sp_srvrolepermission (Transact-SQL)

Metadata

Displays the permissions of a server-level role.

IS_SRVROLEMEMBER (Transact-SQL)

Metadata

Indicates whether a SQL Server login is a member of the specified server-level role.

sys.server_role_members (Transact-SQL)

Metadata

Returns one row for each member of each server-level role.

sp_addsrvrolemember (Transact-SQL)

Command

Adds a login as a member of a server-level role.

sp_dropsrvrolemember (Transact-SQL)

Command

Removes a SQL Server login or a Windows user or group from a server-level role.
See Also

Reference

Database-Level Roles

Concepts

Securing SQL Server

Other Resources

Security Catalog Views (Transact-SQL)
Security Functions (Transact-SQL)

Help and Information

Getting SQL Server 2008 Assistance
© 2009 Microsoft Corporation. All rights reserved.   Terms of Use | Trademarks | Privacy Statement
Page view tracker
Rate the Lightweight library
x
Lightweight builds on ScriptFree (loband) by adding features you've requested: a SearchBox and default code language selection.
Do you like the SearchBox?
Do you like the tabbed code blocks?
How useful is this topic?
Tell us more.
Thanks
x
You're helping to improve MSDN Online.
Feedback
Switch View
x
Classic
Lightweight Beta
ScriptFree
Switch View