| Role |
Description |
| db_owner |
This role can do anything in the database. |
| db_accessadmin |
This role works with user IDs. |
| db_securityadmin |
This role handles security; its members can change permissions, object ownerships, roles, and role members. |
| db_ddladmin |
This role creates objects such as tables and views in a database, but it can't grant permissions to them. Developers often have this role on a project. |
| db_backupoperator |
You can grant this role to a service or users so that they can run maintenance commands and back up the database. |
| db_datareader |
This common role allows a user to select all data from any user table. |
| db_datawriter |
This role allows users to modify any data in any user table. |
| db_denydatareader |
If users leave the company, it's common to apply this role and the one below to their account. It prevents users from selecting any data from the database. |
| db_denydatawriter |
This role prevents the account from changing data in the database. |