3. SQL Authentication Types
SQL Server supports two authentication modes, Windows authentication mode and mixed mode.
Windows authentication is the default, and is often referred to as integrated security because this SQL
Server security model is tightly integrated with Windows. Specific Windows user and group accounts
are trusted to log in to SQL Server. Windows users who have already been authenticated do not have
to present additional credentials.
Mixed mode supports authentication both by Windows and by SQL Server. User name and password
pairs are maintained within SQL Server.
4. Authentication Scenarios
Windows authentication is usually the best choice in the following situations:
There is a domain controller.
The application and the database are on the same computer.
You are using an instance of SQL Server Express or LocalDB.
SQL Server logins are often used in the following situations:
If you have a workgroup.
Users connect from different, non-trusted domains.
Internet applications, such as ASP.NET.
5. Login Types
SQL Server supports three types of logins:
A local Windows user account or trusted domain account. SQL Server relies on Windows to
authenticate the Windows user accounts.
Windows group. Granting access to a Windows group grants access to all Windows user logins that are
members of the group.
SQL Server login. SQL Server stores both the username and a hash of the password in the master
database, by using internal authentication methods to verify login attempts.
https://docs.microsoft.com/en-us/dotnet/framework/data/adonet/sql/authentication-in-sql-
server#:~:text=SQL%20Server%20supports%20two%20authentication,is%20tightly%20integrated%20with%2
0Windows.
Mixed Mode Authentication
If you must use mixed mode authentication, you must create SQL Server logins, which are stored in
SQL Server. You then have to supply the SQL Server user name and password at run time.
6. SQL Server Roles
Fixed server-level
role
Description
sysadmin Members of the sysadmin fixed server role can perform any activity in the server.
serveradmin Members of the serveradmin fixed server role can change server-wide configuration options
and shut down the server.
securityadmin Members of the securityadmin fixed server role manage logins and their properties. They
can GRANT, DENY, and REVOKE server-level permissions. They can also GRANT, DENY,
and REVOKE database-level permissions if they have access to a database. Additionally, they can
reset passwords for SQL Server logins.
processadmin Members of the processadmin fixed server role can end processes that are running in an
instance of SQL Server.
setupadmin Members of the setupadmin fixed server role can add and remove linked servers by using
Transact-SQL statements. (sysadmin membership is needed when using Management Studio.)
bulkadmin Members of the bulkadmin fixed server role can run the BULK INSERT statement.
diskadmin The diskadmin fixed server role is used for managing disk files.
dbcreator Members of the dbcreator fixed server role can create, alter, drop, and restore any database.
public EOnly assign public permissions on any object when you want the object to be available to all
users. You cannot change membership in public.