Fixed Database Level Roles
Fixed database roles provide a simple way of assigning common permissions to a database. Each fixed database role has a specific set of permissions that cannot be altered.
The fixed database roles are as follows:
- sysadmin - members to perform all activities possible on the Database Engine instance
- db_accessadmin - grants the ability to manage database access for logins without conferring unnecessary privileges
- db_securityadmin - members of this role can manage the membership of fixed and flexible database-level roles. Principals who are members of this role can elevate their privileges to those functionally equivalent to the db_owner role
- db_ddladmin - members of this role can run any Data Definition Language (DDL) command in the database
- db_backupoperator - Members of this role can back up the database
- db_owner - grants all permissions at the database level, it should be assigned to principals who need to perform all database configuration and management tasks as role members are able to drop the database.
- dbcreator -
- db_datawriter - Enables the principal to insert, delete, or modify data in a database’s user tables.
- db_datareader - Members of this role can read all data from all user tables in a database
- db_denydatawriter - Enables us to block a principal from inserting, altering, or deleting data from a database’s user tables.
- db_denydatareader - Enables us to block a principal from reading data stored within a database’s user tables