Skip to main content

Database roles

Each SQL Server database also contains a set of roles. Because roles are unique to each database, you must create a db_roles_<database name> attribute for each database. For example, an SQL Server install always has a database called "master". To manage roles for this database, create the attribute db_roles_master .

Create the db_roles_<database name> attribute as a multi-valued attribute. Its values list the roles that a user has in that database. The "fixed" list of possible roles are:

db_owner
db_accessadmin
db_datareader
db_datawriter
db_ddladmin
db_securityadmin
db_backupoperator
db_denydatareader
db_denydatawriter

Note

The database roles (db_roles_<database name> ) attributes are copied by default. If you want to SET one or more of the attributes, they must have a Sequence Number higher than that of the databases attribute, since a user must have access to a database before the user can have a role for that database.

In this section:

Was this helpful?

Would you like to provide feedback? Just click here to suggest edits.