Skip to content

securables.md

Latest commit

 

History

History
122 lines (75 loc) · 4.62 KB

securables.md

File metadata and controls

122 lines (75 loc) · 4.62 KB
title Securables | Microsoft Docs
ms.custom
ms.date 10/18/2016
ms.prod sql
ms.prod_service database-engine, sql-database, sql-data-warehouse, pdw
ms.reviewer
ms.technology security
ms.topic conceptual
f1_keywords
sql13.swb.roleproperties.selectobject.f1
helpviewer_keywords
securables [SQL Server]
schemas [SQL Server], securables
database securables [SQL Server]
hierarchies [SQL Server], securables
server securables [SQL Server]
ms.assetid bfa748f0-70b0-453c-870a-04b7b205b9ff
author VanMSFT
ms.author vanto
monikerRange >=aps-pdw-2016||=azuresqldb-current||=azure-sqldw-latest||>=sql-server-2016||=sqlallproducts-allversions||>=sql-server-linux-2017||=azuresqldb-mi-current

Securables

[!INCLUDEappliesto-ss-asdb-asdw-pdw-md]

Securables are the resources to which the [!INCLUDEssDEnoversion] authorization system regulates access. For example, a table is a securable. Some securables can be contained within others, creating nested hierarchies called "scopes" that can themselves be secured. The securable scopes are server, database, and schema.

Securable scope: Server

The server securable scope contains the following securables:

  • Availability group

  • Endpoint

  • Login

  • Server role

  • Database

Securable scope: Database

The database securable scope contains the following securables:

  • Application role

  • Assembly

  • Asymmetric key

  • Certificate

  • Contract

  • Fulltext catalog

  • Fulltext stoplist

  • Message type

  • Remote Service Binding

  • (Database) Role

  • Route

  • Schema

  • Search property list

  • Service

  • Symmetric key

  • User

Securable scope: Schema

The schema securable scope contains the following securables:

  • Type

  • XML schema collection

  • Object - The object class has the following members:

    • Aggregate

    • Function

    • Procedure

    • Queue

    • Synonym

    • Table

    • View

    • External Table

Controlling Access to a Securable

The entity that receives permission to a securable is called a principal. The most common principals are logins and database users. Access to securables is controlled by granting or denying permissions, or by adding logins and users to roles which have access. For information about controlling permissions, see GRANT (Transact-SQL), REVOKE (Transact-SQL), DENY (Transact-SQL), sp_addrolemember (Transact-SQL), and sp_droprolemember (Transact-SQL).

Caution

The default permissions that are granted to system objects at the time of setup are carefully evaluated against possible threats and need not be altered as part of hardening the [!INCLUDEssNoVersion] installation. Any changes to the permissions on the system objects could limit or break the functionality and could potentially leave your [!INCLUDEssNoVersion] installation in an unsupported state.

Related Content

Getting Started with Database Engine Permissions

Securing SQL Server

sys.database_principals (Transact-SQL)

sys.database_role_members (Transact-SQL)

sys.server_principals (Transact-SQL)

sys.server_role_members (Transact-SQL)

sys.sql_logins (Transact-SQL)