All Products
Search

This Product

    ApsaraDB RDS:Account permissions in an ApsaraDB RDS for SQL Server instance

    Document Center

    ApsaraDB RDS:Account permissions in an ApsaraDB RDS for SQL Server instance

    Last Updated:Oct 25, 2024

    This topic describes the accounts that you can use in an ApsaraDB RDS for SQL Server instance. This topic also describes the roles and permissions of the accounts.

    Precautions

    For security purposes, ApsaraDB RDS restricts specific permissions. The restricted permissions are encapsulated in stored procedures. You can run the stored procedures to perform the operations on which the permissions are restricted. For more information, see Stored procedures.

    Account permissions

    Account type

    Authorized object

    Permission type

    Role

    Permission

    • Privileged account

    • Standard account

    User database

    Owner

    • Server-level role

      • public

      • processadmin

      • setupadmin

    • Database-level role

      • public

      • db_owner

    Server-level permissions

    • CONNECT SQL

    • ALTER ANY LOGIN

    • ALTER ANY LINKED SERVER

    • ALTER ANY CONNECTION

    • ALTER TRACE

    • VIEW ANY DATABASE

    • VIEW SERVER STATE

    • ALTER SERVER STATE

    Database-level permissions

    • CREATE TABLE

    • CREATE VIEW

    • CREATE PROCEDURE

    • CREATE FUNCTION

    • CREATE RULE

    • CREATE DEFAULT

    • CREATE TYPE

    • CREATE ASSEMBLY

    • CREATE XML SCHEMA COLLECTION

    • CREATE SCHEMA

    • CREATE SYNONYM

    • CREATE AGGREGATE

    • CREATE ROLE

    • CREATE MESSAGE TYPE

    • CREATE SERVICE

    • CREATE CONTRACT

    • CREATE REMOTE SERVICE BINDING

    • CREATE ROUTE

    • CREATE QUEUE

    • CREATE SYMMETRIC KEY

    • CREATE ASYMMETRIC KEY

    • CREATE FULLTEXT CATALOG

    • CREATE CERTIFICATE

    • CREATE DATABASE DDL EVENT NOTIFICATION

    • CONNECT

    • CONNECT REPLICATION

    • CHECKPOINT

    • SUBSCRIBE QUERY NOTIFICATIONS

    • AUTHENTICATE

    • SHOWPLAN

    • ALTER ANY USER

    • ALTER ANY ROLE

    • ALTER ANY APPLICATION ROLE

    • ALTER ANY COLUMN ENCRYPTION KEY

    • ALTER ANY COLUMN MASTER KEY

    • ALTER ANY SCHEMA

    • ALTER ANY ASSEMBLY

    • ALTER ANY DATABASE SCOPED CONFIGURATION

    • ALTER ANY DATASPACE

    • ALTER ANY EXTERNAL DATA SOURCE

    • ALTER ANY EXTERNAL FILE FORMAT

    • ALTER ANY MESSAGE TYPE

    • ALTER ANY CONTRACT

    • ALTER ANY SERVICE

    • ALTER ANY REMOTE SERVICE BINDING

    • ALTER ANY ROUTE

    • ALTER ANY FULLTEXT CATALOG

    • ALTER ANY SYMMETRIC KEY

    • ALTER ANY ASYMMETRIC KEY

    • ALTER ANY CERTIFICATE

    • ALTER ANY SECURITY POLICY

    • SELECT

    • INSERT

    • UPDATE

    • DELETE

    • REFERENCES

    • EXECUTE

    • ALTER ANY DATABASE DDL TRIGGER

    • ALTER ANY DATABASE EVENT NOTIFICATION

    • ALTER ANY DATABASE AUDIT

    • ALTER ANY DATABASE EVENT SESSION

    • KILL DATABASE CONNECTION

    • VIEW ANY COLUMN ENCRYPTION KEY DEFINITION

    • VIEW ANY COLUMN MASTER KEY DEFINITION

    • VIEW DATABASE STATE

    • VIEW DEFINITION

    • TAKE OWNERSHIP

    • ALTER

    • ALTER ANY MASK

    • UNMASK

    • EXECUTE ANY EXTERNAL SCRIPT

    • CONTROL

    Read permissions

    • Server-level role

      • public

      • processadmin

      • setupadmin

    • Database-level role

      • public

      • db_datareader

    Server-level permissions

    • CONNECT SQL

    • ALTER ANY LOGIN

    • ALTER ANY LINKED SERVER

    • ALTER ANY CONNECTION

    • ALTER TRACE

    • VIEW ANY DATABASE

    • VIEW SERVER STATE

    • ALTER SERVER STATE

    Database-level permissions

    • CONNECT

    • SHOWPLAN

    • SELECT

    • KILL DATABASE CONNECTION

    • VIEW ANY COLUMN ENCRYPTION KEY DEFINITION

    • VIEW ANY COLUMN MASTER KEY DEFINITION

    • VIEW DATABASE STATE

    Read and write permissions (DML)

    • Server-level role

      • public

      • processadmin

      • setupadmin

    • Database-level role

      • public

      • db_datareader

      • db_datawriter

    Server-level permissions

    • CONNECT SQL

    • ALTER ANY LOGIN

    • ALTER ANY LINKED SERVER

    • ALTER ANY CONNECTION

    • ALTER TRACE

    • VIEW ANY DATABASE

    • VIEW SERVER STATE

    • ALTER SERVER STATE

    Database-level permissions

    • CONNECT

    • SHOWPLAN

    • SELECT

    • INSERT

    • UPDATE

    • DELETE

    • KILL DATABASE CONNECTION

    • VIEW ANY COLUMN ENCRYPTION KEY DEFINITION

    • VIEW ANY COLUMN MASTER KEY DEFINITION

    • VIEW DATABASE STATE

    Superuser account

    All databases

    All permissions

    • Server-level role: sysadmin

    • Database-level role: db_owner

    Server-level permissions

    • CONNECT SQL

    • SHUTDOWN

    • CREATE ENDPOINT

    • CREATE ANY DATABASE

    • CREATE AVAILABILITY GROUP

    • ALTER ANY LOGIN

    • ALTER ANY CREDENTIAL

    • ALTER ANY ENDPOINT

    • ALTER ANY LINKED SERVER

    • ALTER ANY CONNECTION

    • ALTER ANY DATABASE

    • ALTER RESOURCES

    • ALTER SETTINGS

    • ALTER TRACE

    • ALTER ANY AVAILABILITY GROUP

    • ADMINISTER BULK OPERATIONS

    • AUTHENTICATE SERVER

    • EXTERNAL ACCESS ASSEMBLY

    • VIEW ANY DATABASE

    • VIEW ANY DEFINITION

    • VIEW SERVER STATE

    • CREATE DDL EVENT NOTIFICATION

    • CREATE TRACE EVENT NOTIFICATION

    • ALTER ANY EVENT NOTIFICATION

    • ALTER SERVER STATE

    • UNSAFE ASSEMBLY

    • ALTER ANY SERVER AUDIT

    • CREATE SERVER ROLE

    • ALTER ANY SERVER ROLE

    • ALTER ANY EVENT SESSION

    • CONNECT ANY DATABASE

    • IMPERSONATE ANY LOGIN

    • SELECT ALL USER SECURABLES

    • CONTROL SERVER

    Database-level permissions

    • CREATE TABLE

    • CREATE VIEW

    • CREATE PROCEDURE

    • CREATE FUNCTION

    • CREATE RULE

    • CREATE DEFAULT

    • BACKUP DATABASE

    • BACKUP LOG

    • CREATE DATABASE

    • CREATE TYPE

    • CREATE ASSEMBLY

    • CREATE XML SCHEMA COLLECTION

    • CREATE SCHEMA

    • CREATE SYNONYM

    • CREATE AGGREGATE

    • CREATE ROLE

    • CREATE MESSAGE TYPE

    • CREATE SERVICE

    • CREATE CONTRACT

    • CREATE REMOTE SERVICE BINDING

    • CREATE ROUTE

    • CREATE QUEUE

    • CREATE SYMMETRIC KEY

    • CREATE ASYMMETRIC KEY

    • CREATE FULLTEXT CATALOG

    • CREATE CERTIFICATE

    • CREATE DATABASE DDL EVENT NOTIFICATION

    • CONNECT

    • CONNECT REPLICATION

    • CHECKPOINT

    • SUBSCRIBE QUERY NOTIFICATIONS

    • AUTHENTICATE

    • SHOWPLAN

    • ALTER ANY USER

    • ALTER ANY ROLE

    • ALTER ANY APPLICATION ROLE

    • ALTER ANY COLUMN ENCRYPTION KEY

    • ALTER ANY COLUMN MASTER KEY

    • ALTER ANY SCHEMA

    • ALTER ANY ASSEMBLY

    • ALTER ANY DATABASE SCOPED CONFIGURATION

    • ALTER ANY DATASPACE

    • ALTER ANY EXTERNAL DATA SOURCE

    • ALTER ANY EXTERNAL FILE FORMAT

    • ALTER ANY MESSAGE TYPE

    • ALTER ANY CONTRACT

    • ALTER ANY SERVICE

    • ALTER ANY REMOTE SERVICE BINDING

    • ALTER ANY ROUTE

    • ALTER ANY FULLTEXT CATALOG

    • ALTER ANY SYMMETRIC KEY

    • ALTER ANY ASYMMETRIC KEY

    • ALTER ANY CERTIFICATE

    • ALTER ANY SECURITY POLICY

    • SELECT

    • INSERT

    • UPDATE

    • DELETE

    • REFERENCES

    • EXECUTE

    • ALTER ANY DATABASE DDL TRIGGER

    • ALTER ANY DATABASE EVENT NOTIFICATION

    • ALTER ANY DATABASE AUDIT

    • ALTER ANY DATABASE EVENT SESSION

    • KILL DATABASE CONNECTION

    • VIEW ANY COLUMN ENCRYPTION KEY DEFINITION

    • VIEW ANY COLUMN MASTER KEY DEFINITION

    • VIEW DATABASE STATE

    • VIEW DEFINITION

    • TAKE OWNERSHIP

    • ALTER

    • ALTER ANY MASK

    • UNMASK

    • EXECUTE ANY EXTERNAL SCRIPT

    • CONTROL