Difference between revisions of "SQL Server 2008"

Line 15: Line 15:
  
 
http://www.sqlservercentral.com/blogs/brian_kelley/2009/04/21/sql-server-security-basics-logins-vs-users/<br>
 
http://www.sqlservercentral.com/blogs/brian_kelley/2009/04/21/sql-server-security-basics-logins-vs-users/<br>
 +
https://www.youtube.com/watch?v=c3gPdKaLlkg  This is quite good<br>

Revision as of 21:23, 20 June 2014

Because the owner is the root of trust. It is the owner that grants, denies and revokes permission on the object.
http://www.sqlteam.com/article/understanding-the-difference-between-owners-and-schemas-in-sql-server
http://msdn.microsoft.com/en-us/library/bb669061%28v=vs.110%29.aspx
http://blogs.msdn.com/b/lcris/archive/2007/03/23/basic-sql-server-security-concepts-logins-users-and-principals.aspx logins and users
A login is the principal that is used to connect to the server. A user is the principal that is used to connect to a database.


Logins are server-wide (instance-level) objects. Their correct name is 'server principals' (see sys.server_principals).
Server-wide privileges, such as the create database or view server state permissions, are granted to logins.
Users are database objects, correctly referred to as 'database principals' (see sys.database_principals).
They are the recipients of database permissions, like create table or select.
Ordinarily a login is mapped 1-to-1 to a user in each database, via a matching SID, but there are some exceptions: for example, all members of the sysadmin fixed server role are always mapped to dbo. Users without login are a specific construct for Service Broker remote identities (see Remote Service Bindings) and for code signing. You should never have to create one in any other context, and if you do, you're likely doing it wrong. Users without login are never meant to be impersonated.
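
The following T-SQL is an added example, not taken from this page's sources. Run inside the database being audited, it joins sys.database_principals to sys.server_principals on SID to show which login each user maps to, flags users with no matching login, and then lists server-level and database-level permissions separately. The column aliases and the wording of the mapping labels are illustrative.

```sql
-- Added example. Run in the database to audit (USE <database_name>; first).

-- 1. Map each database principal (user) to its server principal (login) by SID.
SELECT
    dp.name        AS database_user,
    dp.type_desc   AS user_type,
    sp.name        AS server_login,
    sp.is_disabled AS login_disabled,
    CASE
        WHEN dp.name = N'dbo' THEN 'dbo: database owner; sysadmin members also map here'
        WHEN sp.sid IS NULL   THEN 'no matching login: orphaned or created WITHOUT LOGIN'
        ELSE 'mapped by SID'
    END            AS mapping
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp
       ON sp.sid = dp.sid
WHERE dp.type IN ('S', 'U', 'G')       -- SQL user, Windows user, Windows group
  AND dp.name NOT IN (N'guest', N'INFORMATION_SCHEMA', N'sys')
ORDER BY mapping, dp.name;

-- 2. Server-wide permissions (e.g. VIEW SERVER STATE) are held by logins.
SELECT sp.name AS server_login, pe.state_desc, pe.permission_name
FROM sys.server_permissions AS pe
JOIN sys.server_principals  AS sp
  ON sp.principal_id = pe.grantee_principal_id
WHERE pe.class = 100                   -- class 100 = SERVER
ORDER BY sp.name, pe.permission_name;

-- 3. Database permissions (e.g. CREATE TABLE, SELECT) are held by users.
SELECT dp.name AS database_user, pe.state_desc, pe.permission_name,
       pe.class_desc, pe.major_id
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS dp
  ON dp.principal_id = pe.grantee_principal_id
ORDER BY dp.name, pe.permission_name;
```

Rows labelled as having no matching login are the ones to review: each should be explainable as a Service Broker remote identity, a code-signing user, or an orphan left behind by a database restore or a dropped login.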

http://www.sqlservercentral.com/blogs/brian_kelley/2009/04/21/sql-server-security-basics-logins-vs-users/
https://www.youtube.com/watch?v=c3gPdKaLlkg This is quite good