Chapter 7. Authorization: what are you allowed to do?
We’re on the second “A” of security: after authenticating you so that it knows who you are, SQL Server needs to decide what you’re allowed to do. By default, the answer is “Nothing.” You have to be granted permission to do things, both at the server level and within individual databases, and that’s what this chapter is all about.
SQL Server has an extremely granular system of permissions that determines who is allowed to do what. Remember, the authentication process tells SQL Server who you are; these permissions then determine what you can do.
There are server-wide permissions that govern your ability to do things such as create new databases and logins, but most of the time you’ll be more concerned with database-level permissions. These determine what a user can do from within a specific database, and there are a lot of options.
Remember
Server-level permissions are assigned to logins, and database-level permissions are assigned to database users.
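The two layers described above, as an added T-SQL example that is not from the chapter: the login and user name AppReader, the Sales database, the dbo.Orders table and the password are all assumed or placeholders, and the script is meant to be run by a sysadmin on a test instance.

```sql
-- Added example (not from the chapter): server-level vs. database-level permissions.
-- AppReader, the Sales database and dbo.Orders are constructed names; the
-- password is a placeholder. Run as a sysadmin on a test instance.

-- 1. Server level: a login exists, but by default it is granted almost nothing.
USE master;
CREATE LOGIN AppReader WITH PASSWORD = 'Placeholder!Passw0rd#1';

-- Look at the server from the new login's point of view before any GRANT:
-- the only permissions listed are those inherited from the public server role.
EXECUTE AS LOGIN = 'AppReader';
SELECT permission_name FROM fn_my_permissions(NULL, 'SERVER');
REVERT;

-- A server-level permission is granted to the LOGIN.
GRANT VIEW SERVER STATE TO AppReader;

-- 2. Database level: the login needs a USER inside each database it should reach.
USE Sales;
CREATE USER AppReader FOR LOGIN AppReader;

-- Database-level permissions are granted (or denied) to the database USER.
GRANT SELECT ON OBJECT::dbo.Orders TO AppReader;
DENY INSERT, UPDATE, DELETE ON OBJECT::dbo.Orders TO AppReader;  -- DENY always wins over GRANT

-- 3. Verify the effective permissions as the database user would see them
--    (HAS_PERMS_BY_NAME returns 1 when the permission is held, 0 when it is not).
EXECUTE AS USER = 'AppReader';
SELECT HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT') AS can_select,
       HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'INSERT') AS can_insert;
REVERT;
```

Because the login and the user are separate principals, dropping the login alone leaves an orphaned user behind in Sales; check with `sp_change_users_login 'Report'` or sys.database_principals when cleaning up.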