Users

A user ID identifies a user within a database. All permissions and ownership of objects in the database are controlled by the user account. User accounts are specific to a database; the xyz user account in the sales database is different from the xyz user account in the inventory database, even though both accounts have the same ID. User IDs are defined by members of the db_owner fixed database role.

A login ID by itself does not give a user permissions to access objects in any databases. A login ID must be associated with a user ID in each database before anyone connecting with that login ID can access objects in the databases. If a login ID has not been explicitly associated with any user ID in a database, it is associated with the guest user ID. If a database has no guest user account, a login cannot access the database unless it has been associated with a valid user account.

When a user ID is defined, it is associated with a login ID. For example, a member of the db_owner role can associate the Microsoft® Windows NT® login NETDOMAIN\Joe with user ID abc in the sales database and user ID def in the employee database. The default is for the login ID and user ID to be the same.

This example shows giving a Windows NT account access to a database and associating the login with a user in the database:

USE master

GO
sp_grantlogin 'NETDOMAIN\Sue'

GO

sp_defaultdb @loginame = 'NETDOMAIN\Sue', defdb = 'sales'

GO

USE sales

GO
sp_grantdbaccess 'NETDOMAIN\Sue', 'Sue'

GO

  

In the sp_grantlogin statement, the Windows NT user NETDOMAIN\Sue is given access to Microsoft SQL Server™ The sp_defaultdb statement makes the sales database her default database. The sp_grantdbaccess statement gives the login NETDOMAIN\Sue access to the sales database and sets her user ID within sales to Sue.

This example shows defining a SQL Server login, assigning a default database, and associating the login with a user in the database:

USE master

GO
sp_addlogin @loginame = 'TempWorker', @password = 'fff', defdb = 'sales'

GO

USE sales

GO
sp_grantdbaccess 'TempWorker'

GO

The sp_addlogin statement defines a SQL Server login that will be used by various temporary workers. The statement also specifies the sales database as the default database for the login. The sp_grantdbaccess statement grants the TempWorker login access to the sales database; because no username is specified, it defaults to TempWorker.

A user in a database is identified by the user ID, not the login ID. For example, sa is a login account mapped automatically to the special user account dbo (database owner) in every database. All the security-related statements use the user ID as the security_name parameter. It is less confusing if the members of the sysadmin fixed server role and the db_owner fixed database role set up the system such that the login ID and user ID of each user are the same, but it is not a requirement.

The guest account is a special user account in SQL Server databases. If a user enters a USE database statement to access a database in which they are not associated with a user account, they are instead associated with the guest user.

See Also
guest User sp_grantdbaccess
sp_defaultdb sp_addlogin
sp_grantlogin  

  


(c) 1988-98 Microsoft Corporation. All Rights Reserved.