top of page
MikeBennyhoff

How to Create Login, User and Grant Permissions in SQL Server

In database environments, data rights assign permissions, and privileges management is essential for preserving security. The article details the process of granting and revoking user account access to particular objects in a database through SQL queries following query call. It also examines how these actions safeguard an individual's personal information from being modified or viewed without authorization.

Create sql server login using SQL Server Management Studio.

To create master database for a SQL Server login using SQL Server Management Studio (SSMS), follow these steps:

Open SSMS and connect to the SQL Server instance where you want to create the login.

Expand the Security folder in the Object Explorer pane.

Right-click on the Logins folder and select New Login.

In the Login - New dialog box, specify the following options:

Login name:

specifies the name of the login. This is a required field.

Password and Confirm password:

specify the password for the login. This is a required field for SQL Server logins, and is not used for Windows logins.

Default database:

specifies the default database for the login. This is the database that the login will be connected to by default when logging in.

Default language:

specifies the default language for the login. This determines the language that will be used for error messages and system messages for the login.

Enforce password policy:

specifies whether to enforce password policy for the login. If this option is set to ON, the login's password must meet the SQL Server password policy requirements.

Enforce password expiration:

specifies whether to enforce password expiration for the login. If this option is set to ON, the login's password will expire after a specified number of days.

Click OK to create the login.

Note that when creating a login using SSMS, the SID and Credential options to create login and are not visible. The SID is automatically generated by the SQL Server authentication itself, and the Credential option can be set separately using the CREATE CREDENTIAL statement.


Server Roles In SQL Server Management Studio

Server roles in SQL Server are predefined roles that are used to grant permissions and control access to server-wide resources and settings. Server roles are intended to simplify the process of granting permissions and managing security in a SQL Server environment. There are several server roles that can be assigned to users or groups in SQL Server, including:

Sysadmin:

Members of the sysadmin server role have full control over the SQL Server instance, including all databases and system objects. They can perform any action on the server without restrictions.

Serveradmin:

Members of the serveradmin server role can manage the configuration and settings of the SQL Server instance. They can also shut down and restart the server, and manage linked servers.

Securityadmin:

Members of the securityadmin server role can manage server-level security settings, including login and user creation and permission assignment.

Processadmin:

Members of the processadmin server role can manage processes running on the SQL Server instance, including stopping and starting processes.

Setupadmin:

Members of the setupadmin server role can manage SQL Server installation and configuration, including creating and modifying SQL Server instances and managing service accounts.

Bulkadmin:

Members of the bulkadmin server role can perform bulk import and export operations on the SQL Server instance.

Diskadmin:

Members of the diskadmin server role can manage disk files and filegroups on the SQL Server instance.

DBOwner:

Members of the db_owner server role have full control over a specific database, including all objects and data within the database.

Public:

The public server role is a default server role that all logins are a member of. It provides basic access to the SQL Server instance and all databases, but does not grant any specific permissions.

Server roles can be assigned to logins or database users, and each login or user can be a member of multiple server roles. Server roles can be assigned using a login in SQL Server Management Studio or by using Transact-SQL statements. It is important to carefully manage server roles page role membership to ensure that users have the appropriate permissions and access to server resources.



User Mapping page

User mapping in SQL Server is the process of associating a SQL Server database user with a SQL Server login. A sql server authentication login is a security principal that allows a user to connect to a SQL Server instance, while a user is a security principal that is used to control access to a sql server user permissions a specific database.

When creating a new user in SQL Server, user mapping is an important step to ensure that the user has permissions granted the appropriate permissions to create user access the desired database. User mapping can be done in SQL Server Management Studio or using Transact-SQL statements.

To map a database user to database engine create a login using a SQL Server login using SSMS, follow these steps:

Open SSMS and connect to the SQL Server instance.

Expand the Databases folder and select the database where you want to create the user.

Right-click on the Security folder and select New -> User.

In the User - New dialog box, specify the user name and login name for the new user.

Under "Securables", select the database objects that the user should have access to, and specify the appropriate permissions for each object.

Click OK to create the user.

During the user creation process, SSMS will automatically generate a script to create the user and map it to the specified login. This script can be reviewed and modified as necessary before executing it to create login again.

In addition to specifying database object permissions, user mapping can also be used to create a user and specify default schema and database role membership for the user. This can be done in the User Mapping tab of the New User dialog box.

It is important to carefully manage user mapping to ensure that users have the appropriate permissions and access to database resources. Improperly mapped users can result in security vulnerabilities and data breaches.


Securtables

The Securables page in the user setup in SQL Server allows you to specify the database objects that a user should have access to, and the specific permissions that the user should have on each object. This includes tables, views, stored procedures, functions, and other database objects.

When creating a new user login sql server or modifying an existing user in SQL Server, the Securables page is used to control access to specific database objects. This page displays a list of all available database objects in the selected database, along with checkboxes to specify the permissions that the user should have on each object.

The available permissions that can be granted to a user on a database object include:

  • Select: Allows the user to read data from the object.

  • Insert: Allows the user to add new data to the object.

  • Update: Allows the user to modify existing data in the object.

  • Delete: Allows the user to remove data from the object.

  • Execute: Allows the user to execute stored procedures and functions.

  • Alter: Allows the user to modify the structure of the object.

  • Control: Allows the user to perform administrative tasks on the object.

By selecting the appropriate checkboxes on the Securables page, you can grant the user the necessary permissions to perform the required actions on each database object. It is important to carefully manage object permissions to ensure that users have the appropriate level of access to database resources, while also protecting sensitive data from unauthorized access or modification.

Note that granting excessive permissions to a user can result in security vulnerabilities and data breaches, so it is important to regularly review and update user permissions to ensure that they are aligned with business requirements and security best practices.


Status Page

The Status page in the user setup wizard in SQL Server displays information about the result of the user creation process. This page provides details about any errors or warnings that occurred during the user creation process, and also displays the Transact-SQL script that was executed to create the user.

After you have specified the user properties, securables database permissions, and membership, you can click the OK button to create the user. SQL Server Management Studio will execute the necessary Transact-SQL statements to create the user and apply the specified permissions windows domain account.

If any errors or warnings occur during the user creation process, they will be displayed on the Status page. You can review the error messages to determine the cause of the problem and take appropriate action to create a new login or resolve the issue.

The Status page also displays the Transact-SQL script that was executed to create the user. This script can be copied and saved for future reference or modification. If you need to create a new or similar user in another database or on another SQL Server instance, you can modify the script as necessary and execute it to create the new user.

Overall, the Status page in the user setup wizard provides important feedback about the user creation process and allows you to quickly identify and resolve any issues that may occur create a login name.


Other User Creation Resources For Your SQL Server Instance



Recent Posts

See All

Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating

Get in Touch

Thanks for submitting!

bottom of page