The architecture of a security system is based on users and groups of users, referred to as Security Principals. This illustration shows how users and local and global groups in Microsoft® Windows NT® can map to security accounts in Microsoft SQL Server™ and how SQL Server can handle security accounts independently of the accounts in Windows NT.
The CORPUSERS local group contains two users and a global group, Mktg, which also contains two users. SQL Server allows Windows NT local and global groups to be used directly to organize its user accounts. Additionally, the Windows NT users Fred and Jerry, not part of a Windows NT group, can be added to SQL Server either directly as a Windows NT user (Fred for example), or as a SQL Server user (Jerry).
SQL Server extends the above model further with the use of roles. Roles are groups of users organized for administrative purposes, similarly to Windows NT groups. Roles can be used to organize users where an equivalent Windows NT group does not exist. For example, the Managers role contains the Windows NT Mktg global group, and the Windows NT users Frank and Fred.
SQL Server also provides security at the application level through the use of individual database application roles.
For more information about Windows NT users and groups, see your Windows NT documentation.