Role Description
db_owner This role can do anything in the database.
db_accessadmin This role works with user IDs.
db_securityadmin This role handles security; its members can change permissions, object ownerships, roles, and role members.
db_ddladmin This role creates objects such as tables and views in a database, but it can't grant permissions to them. Developers often have this role on a project.
db_backupoperator You can grant this role to a service or users so that they can run maintenance commands and back up the database.
db_datareader This common role allows a user to select all data from any user table.
db_datawriter This role allows users to modify any data in any user table.
db_denydatareader If users leave the company, it's common to apply this role and the one below to their account. It prevents users from selecting any data from the database.
db_denydatawriter This role prevents the account from changing data in the database.

Table 2 Manage the Data.
Use these roles to do everything from changing data to preventing an ex-employee from selecting data in a database.