Authorization
Authorization refers to the object-level permissions a user has within a SQL database. For example, a user may have read access to one set of tables and read-write access to another set of tables.
The admin accounts, SQL authentication accounts, and Azure AD accounts have db_owner access to all databases and are allowed to do anything within a database.
Server-Level Administrative Roles
There are two additional server-level administrative roles: database creators and login managers.
Database Creators
Members of the database creators role (dbmanager) are allowed to create new SQL databases. To create a new user with the database creator role:
- Log in to SSMS as either the Azure AD admin or the SQL Server admin.
- Create a new login in the master database using the following query:
CREATE LOGIN John WITH PASSWORD = 'Very$Stro9gPa$$w0rd';
- Create a new user in the master database mapped to the login John using the following query:
CREATE USER John FROM LOGIN John;
- Add the user John to...
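A read-only check for reviewing who currently holds the two server-level administrative roles, run while connected to the master database. This is an added example, not part of the original text; the role name loginmanager does not appear on the page (which only says "login managers") and the column aliases are illustrative.

```sql
-- Added example: run while connected to the master database.
-- Lists every principal that holds one of the two server-level
-- administrative roles, with the state of the SQL login behind it.
SELECT
    r.name        AS role_name,
    m.name        AS member_name,
    m.type_desc   AS member_type,      -- SQL_USER, EXTERNAL_USER, ...
    m.create_date AS user_created,
    l.name        AS mapped_login,     -- NULL for Azure AD principals
    l.is_disabled AS login_disabled
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r
    ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m
    ON m.principal_id = drm.member_principal_id
LEFT JOIN sys.sql_logins AS l
    ON l.sid = m.sid
WHERE r.name IN (N'dbmanager', N'loginmanager')  -- loginmanager: name not on the page
ORDER BY r.name, m.name;
```

Any member that is not expected in the result is worth reviewing, since dbmanager members can create new databases.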