Databases Reference
In-Depth Information
11.2.2 Controlling Database Access
In a multitiered system, database access is managed through database users. Each
database's users are managed separately from those associated with other data-
bases. That means that after logging in you might have access to some databases
on the server, but not others. SQL Server also includes a
Guest
account that
allows for anonymous access. The Guest account is disabled by default and
Microsoft recommends that you leave the account disabled unless you have a
specific need for supporting anonymous access.
SQL Server lets you manage users through command-line commands and
the SQL Server Management Studio. Each database has a Users folder like the
one shown in Figure 11-9, for user management. When you create a user you
will typically associate it with a login, though SQL Server does support other
creation options. These additional options are beyond the scope of this chapter,
but are explained in SQL Server's online documentation.
The recommended method for managing permissions is again through roles,
this time groups of users rather than logins, which have assigned permissions. In
SQL Server, all database users are members of the
Public
role for that database,
so any permissions you want to assign everyone would be given to this role.
Figure 11-9
Database Users folder.
