Microsoft SQL Server vNext and Azure SQL Database

NOTES: The CONTROL SERVER permission has all permissions on the instance of SQL Server or SQL Database.
The CONTROL DATABASE permission has all permissions on the database.
Permissions do not imply role memberships and role memberships do not grant permissions. (E.g. CONTROL SERVER does not imply
Permission Syntax membership in the sysadmin fixed server role. Membership in the db_owner role does not grant the CONTROL DATABASE permission.)
Most permission statements have the format :
However, it is sometimes possible to impersonate between roles and equivalent permissions.
AUTHORIZATION PERMISSION ON SECURABLE::NAME TO PRINCIPAL

Database Engine Permissions

Granting any permission on a securable allows VIEW DEFINITION on that securable. It is an implied permissions and it cannot be revoked,
AUTHORIZATION must be GRANT, REVOKE or DENY.
PERMISSION is listed in the charts below.
but it can be explicitly denied by using the DENY VIEW DEFINITION statement.
ON SECURABLE::NAME is the server, server object, database, or database object and its name. (ON SECURABLE::NAME is omitted SQL Database permissions refer to version 12.
for server-wide and database-wide permissions.) Object owners can delete them but they do not have full permissions on them.
PRINCIPAL is the login, user, or role which receives or loses the permission. Grant permissions to roles whenever possible.
A DENY on a table is overridden by a GRANT on a column. However, a subsequent DENY on the table will remove the column GRANT.
Sample grant statement: GRANT UPDATE ON OBJECT::Production.Parts TO PartsTeam
Denying a permission at any level, overrides a related grant.
To remove a previously granted permission, use REVOKE, not DENY.
Database Level Permissions
How to Read this Chart Top Level Database Permissions db_owner role db_owner has all permissions in the database. Connect and Authentication Database Permissions Assembly Permissions
Most of the more granular permissions are included in more than one higher level scope permission. So permissions can be inherited
from more than one type of higher scope.
CONTROL SERVER CONTROL DATABASE STATEMENTS: DROP DATABASE CONTROL SERVER CONTROL ON DATABASE::<name> CONTROL ON USER::<name> CONTROL SERVER CONTROL ON DATABASE::<name> CONTROL ON ASSEMBLY::<name>
Black, green, and purple arrows and boxes point to subordinate permissions that are included in the scope of higher a level permission.
Brown arrows and boxes indicate some of the statements that can use the permission.
Permissions in black apply to both SQL Server 2016 and Azure SQL Database CREATE DATABASE ** STATEMENTS: CREATE DATABASE, RESTORE DATABASE ** NOTE: CREATE DATABASE is a database level permission that can only be
CREATE ANY DATABASE
Permissions in red apply only to SQL Server 2016 ALTER ON DATABASE::<name> granted in the master database. For SQL Database use the dbmanager role.
ALTER ANY DATABASE
Permissions marked with apply to SQL Server vNext and Azure SQL Database VIEW ANY DEFINITION VIEW DEFINITION ON DATABASE::<name> VIEW DEFINITION ON USER::<name> VIEW ANY DEFINITION VIEW DEFINITION ON DATABASE::<name> VIEW DEFINITION ON ASSEMBLY::<name>
Permissions in blue apply only to Azure SQL Database REFERENCES ON DATABASE::<name> REFERENCES ON ASSEMBLY::<name>
ALTER ANY APPLICATION ROLE See Application Roles Permissions Chart STATEMENTS:
The newest permissions are underlined
ALTER ANY ASSEMBLY See Assembly Permissions Chart EXECUTE AS
ALTER ANY DATABASE ALTER ON DATABASE::<name> IMPERSONATE ON USER::<name> ALTER ANY DATABASE ALTER ON DATABASE::<name> TAKE OWNERSHIP ON ASSEMBLY::<name>
ALTER ANY ASYMMETRIC KEY See Asymmetric Key Permissions Chart

Azure SQL Database Permissions ALTER ANY CERTIFICATE See Certificate Permissions Chart
ALTER ANY COLUMN ENCRYPTION KEY ALTER ANY USER ALTER ON USER::<name> ALTER ANY ASSEMBLY ALTER ON ASSEMBLY::<name>

Outside the Database Notes:

Server-Level Principal Logins are the Server admin and Azure Active Directory
ALTER ANY COLUMN MASTER KEY
ALTER ANY CONTRACT See Service Broker Permissions Chart STATEMENTS:
STATEMENTS: STATEMENTS:
Admin accounts. ALTER USER ALTER ASSEMBLY
ALTER ANY SERVER AUDIT ALTER ANY DATABASE AUDIT CREATE DATABASE AUDIT SPECIFICATION
Server-level permissions cannot be granted on SQL Database. Use the DROP USER Note: CREATE and ALTER ASSEMBLY
Top Level Server Permissions loginmanager and dbmanager roles in the master database instead. ALTER ANY DATABASE DDL TRIGGER CREATE/ALTER/DROP database triggers statements sometimes require server
DROP ASSEMBLY
CONNECT ANY DATABASE CONNECT REPLICATION ON DATABASE::<name> level EXTERNAL ACCESS ASSEMBLY CREATE ASSEMBLY CREATE ASSEMBLY
ALTER ANY EVENT NOTIFICATION ALTER ANY DATABASE EVENT NOTIFICATION See Event Notifications Permissions Chart
CONNECT ON DATABASE::<name> CREATE USER and UNSAFE ASSEMBLY permissions,
STATEMENTS: ALTER ANY DATABASE EVENT SESSION and can require membership in the
Server-Level Principal Logins loginmanager role
loginmanager role CREATE LOGIN sysadmin fixed server role.
ALTER ANY DATABASE SCOPED CONFIGURATION
ALTER LOGIN ALTER ANY DATASPACE PARTITION & PLAN GUIDE statements
dbmanager role DROP LOGIN ALTER ANY EXTERNAL DATA SOURCE NOTES:

ALTER ANY EXTERNAL FILE FORMAT When contained databases are enabled, creating a database user SQL Database can be a push replication subscriber which
STATEMENTS: db_accessadmin role
USER DATABASE that authenticates at the database, grants CONNECT ON DATABASE requires no special permissions.
If you create ALTER ANY FULLTEXT CATALOG See Full-text Permissions Chart
CREATE DATABASE
ALTER DATABASE
a database db_owner role
ALTER ANY MESSAGE TYPE See Service Broker Permissions Chart to that user, and it can access SQL Server without a login. Event Notification Permissions (SQL Server only)
ALTER ANY REMOTE SERVICE BINDING See Service Broker Permissions Chart Granting ALTER ANY USER allows a principal to create a user based
DROP DATABASE CONTROL ON DATABASE::<name>
ALTER ANY ROLE See Database Role Permissions Chart on a login, but does not grant the server level permission to view CONTROL SERVER CONTROL ON DATABASE::<name>
ALTER ANY ROUTE See Service Broker Permissions Chart information about logins.

db_ddladmin role ALTER ANY SCHEMA See Database Permissions Schema Objects Chart
ALTER ON DATABASE::<name>
ALTER ANY SECURITY POLICY

Server Level Permissions for SQL Server ALTER ANY SERVICE See Service Broker Permissions Chart Database Role Permissions
ALTER ANY SYMMETRIC KEY See Symmetric Key Permissions Chart Database scoped event notifications
ALTER ANY EVENT NOTIFICATION ALTER ANY DATABASE EVENT NOTIFICATION
ALTER ANY USER See Connect and Authentication Database Permissions Chart CONTROL SERVER CONTROL ON DATABASE::<name> CONTROL ON ROLE::<name>
Top Level Server Permissions
CREATE AGGREGATE CREATE DDL EVENT NOTIFICATION CREATE DATABASE DDL EVENT NOTIFICATION Database scoped DDL event notifications
sysadmin role
STATEMENTS: CREATE DEFAULT
STATEMENTS:
CONTROL SERVER CREATE/ALTER/DROP server triggers CREATE FUNCTION CREATE TRACE EVENT NOTIFICATION Event notifications on trace events
CREATE/ALTER/DROP server triggers VIEW ANY DEFINITION VIEW DEFINITION ON DATABASE::<name> VIEW DEFINITION ON ROLE::<name>
CREATE PROCEDURE
ADMINISTER BULK OPERATIONS bulkadmin role OPENROWSET(BULK.
OPENROWSET(BULK CREATE QUEUE
ALTER ANY AVAILABILITY GROUP See Availability Group Permissions CREATE RULE ALTER ANY DATABASE ALTER ON DATABASE::<name> TAKE OWNERSHIP ON ROLE::<name>
CREATE AVAILABILTY GROUP CREATE SYNONYM Note: EVENT NOTIFICATION permissions also affect service

ALTER ANY CONNECTION KILL CREATE TABLE broker. See the service broker chart for more into.

ALTER ANY CREDENTIAL CREATE TYPE ALTER ANY ROLE ALTER ON ROLE::<name>
CREATE/ALTER/DROP CREDENTIAL db_securityadmin role
processadmin role
ALTER ANY DATABASE See Database Permission Charts dbcreator role CREATE VIEW
STATEMENTS:
CREATE ANY DATABASE See Top Level Database Permissions CREATE XML SCHEMA COLLECTION
ALTER ROLE <name> ADD MEMBER
ALTER ANY ENDPOINT See Connect and Authentication
CREATE ENDPOINT See Connect and Authentication ADMINISTER DATABASE BULK OPERATIONS STATEMENTS:
DROP ROLE Service Broker Permissions (SQL Server only)
CREATE ROLE CREATE ROLE
NOTES: Only members of the db_owner
ALTER ANY EVENT NOTIFICATION Server scoped event notifications ALTER ANY DATABASE SCOPED CONFIGURATION ALTER DATABASE SCOPED CONFIGURATION
fixed database role can add or remove CONTROL SERVER CONTROL ON DATABASE::<name> CONTROL ON SERVICE::<name>
CREATE DDL EVENT NOTIFICATION Server scoped DDL event notifications ALTER ANY MASK
members from fixed database roles.
CREATE TRACE EVENT NOTIFICATION Event notifications on trace events AUTHENTICATE SERVER AUTHENTICATE Combined with TRUSTWORTHY allows delegation of authentication
ALTER ANY EVENT SESSION Extended event sessions BACKUP DATABASE BACKUP DATABASE
ALTER ANY LINKED SERVER setupadmin role sp_addlinkedserver BACKUP LOG db_backupoperator role BACKUP LOG
ALTER ANY LOGIN See Connect and Authentication securityadmin role CHECKPOINT CHECKPOINT VIEW ANY DEFINITION VIEW DEFINITION ON DATABASE::<name> VIEW DEFINITION ON SERVICE::<name>

ALTER ANY SERVER AUDIT CREATE/ALTER/DROP SERVER AUDIT CONNECT REPLICATION See Connect and Authentication Database Permissions Chart
Application Role Permissions SEND ON SERVICE::<name>
and SERVER AUDIT SPECIFICATION TAKE OWNERSHIP ON SERVICE::<name>
ALTER ANY SERVER ROLE See Server Role Permissions DELETE
CREATE SERVER ROLE See Server Role Permissions EXECUTE CONTROL SERVER CONTROL ON DATABASE::<name> CONTROL ON APPLICATION ROLE::<name> ALTER ANY DATABASE ALTER ON DATABASE::<name>

ALTER RESOURCES (NA. Use diskadmin role instead.) INSERT STATEMENTS:

ALTER SERVER STATE DBCC
DBCC FREECACHE
FREECACHE and
and SQLPERF
SQLPERF REFERENCES Applies to subordinate objects in the database. See ALTER ANY SERVICE ALTER ON SERVICE::<name>
serveradmin role
VIEW SERVER STATE SELECT
SELECT on
on server-level
server-level DMVs
DMVs SELECT Database Permissions Schema Objects chart. STATEMENTS:
ALTER SETTINGS UPDATE VIEW ANY DEFINITION VIEW DEFINITION ON DATABASE::<name> VIEW DEFINITION ON APPLICATION ROLE::<name> ALTER SERVICE
sp_configure,
sp_configure, RECONFIGURE
RECONFIGURE Notes:
ALTER TRACE sp_trace_create
sp_create_trace VIEW ANY DEFINITION VIEW DEFINITION STATEMENTS: DROP SERVICE
ALTER AUTHORIZATION for any object might also require IMPERSONATE or
AUTHENTICATE SERVER Allows
Allows server-level
server-level delegation
delegation TAKE OWNERSHIP ALTER AUTHORIZATION CREATE SERVICE CREATE SERVICE
membership in a role or ALTER permission on a role.
CONNECT SQL See Connect and Authentication EXECUTE ANY EXTERNAL SCRIPT ALTER ANY DATABASE ALTER ON DATABASE::<name>
ALTER AUTHORIZATION exists at many levels in the permission model but is
CONNECT ANY DATABASE KILL DATABASE CONNECTION
never inherited from ALTER AUTHORIZATION at a higher level.
IMPERSONATE ANY LOGIN SHOWPLAN ALTER ANY APPLICATION ROLE ALTER ON APPLICATION ROLE::<name>
ALTER TRACE
SELECT ALL USER SECURABLES SUBSCRIBE QUERY NOTIFICATIONS Notes: CONTROL SERVER CONTROL ON DATABASE::<name> CONTROL ON REMOTE SERVICE BINDING::<name>
STATEMENTS:
SHUTDOWN UNMASK In both SQL Server and SQL Database the public database role does not initially have access to any user objects.
SHUTDOWN* ALTER APPLICATION ROLE
public role The public database role has many grants to system objects, which is necessary to manage internal actions.
UNSAFE ASSEMBLY VIEW ANY COLUMN MASTER KEY DEFINITION DROP APPLICATION ROLE
EXTERNAL ACCESS ASSEMBLY VIEW ANY COLUMN ENCRYPTION KEY DEFINITION In SQL Server 2016, the public database role has the VIEW ANY COLUMN MASTER KEY DEFINITION and VIEW ANY
CREATE APPLICATION ROLE
VIEW ANY DEFINITION VIEW SERVER STATE VIEW DATABASE STATE COLUMN ENCRYPTION KEY DEFINITION permissions by default. They can be revoked. VIEW ANY DEFINITION VIEW DEFINITION ON DATABASE::<name> VIEW DEFINITION ON REMOTE SERVICE BINDING::<name>
VIEW ANY DATABASE See Database Permissions Schema TAKE OWNERSHIP ON REMOTE SERVICE BINDING::<name>

* NOTE: The SHUTDOWN statement requires the SQL Server SHUTDOWN permission. Starting, stopping, and pausing the Database
Database Permissions Schema Objects db_ddladmin role ALTER ANY DATABASE ALTER ON DATABASE::<name>
Engine from SSCM, SSMS, or Windows requires Windows permissions, not SQL Server permissions.
Symmetric Key Permissions
public role
Object Permissions ALTER ANY REMOTE SERVICE BINDING ALTER ON REMOTE SERVICE BINDING::<name>
Server Permissions Database Permissions Schema Permissions Type Permissions CONTROL SERVER CONTROL ON DATABASE::<name> CONTROL ON SYMMETRIC KEY::<name>
STATEMENTS:
XML Schema Collection Permissions
Connect and Authentication Server Permissions ALTER REMOTE SERVICE BINDING

CONTROL ON SERVER CONTROL ON DATABASE::<name> CONTROL ON SCHEMA ::<name> CONTROL ON OBJECT|TYPE|XML SCHEMA COLLECTION ::<name> DROP REMOTE SERVICE BINDING
CONTROL SERVER CONTROL ON LOGIN::<name> CREATE REMOTE SERVICE BINDING CREATE REMOTE SERVICE BINDING

VIEW ANY DEFINITION VIEW DEFINITION ON DATABASE::<name> VIEW DEFINITION ON SYMMETRIC KEY::<name>
db_datareader role
db_denydatareader role VIEW CHANGE TRACKING ON SCHEMA::<name> VIEW CHANGE TRACKING ON OBJECT::<name> REFERENCES ON DATABASE::<name> REFERENCES ON SYMMETRIC KEY::<name>

SELECT ON DATABASE::<name> SELECT ON SCHEMA::<name> SELECT ON OBJECT::<table |view name> ALTER ANY DATABASE ALTER ON DATABASE::<name> TAKE OWNERSHIP ON SYMMETRIC KEY::<name> CONTROL SERVER CONTROL ON DATABASE::<name> CONTROL ON CONTRACT::<name>
VIEW ANY DEFINITION VIEW DEFINITION ON LOGIN::<name> INSERT ON DATABASE::<name> INSERT ON SCHEMA::<name> INSERT ON OBJECT::< table |view name>
db_datawriter role
IMPERSONATE ON LOGIN::<name> STATEMENTS: UPDATE ON DATABASE::<name> UPDATE ON SCHEMA::<name> UPDATE ON OBJECT::< table |view name>
db_denydatawriter role
ALTER ANY LOGIN ALTER ON LOGIN::<name> EXECUTE AS DELETE ON DATABASE::<name> DELETE ON SCHEMA::<name> DELETE ON OBJECT::< table |view name> ALTER ANY SYMMETRIC KEY ALTER ON SYMMETRIC KEY::<name>
Note: OPEN SYMMETRIC KEY requires
EXECUTE ON DATABASE::<name> EXECUTE ON SCHEMA::<name> EXECUTE ON OBJECT|TYPE|XML SCHEMA COLLECTION::<name> VIEW DEFINITION permission on the VIEW ANY DEFINITION VIEW DEFINITION ON DATABASE::<name> VIEW DEFINITION ON CONTRACT::<name>
STATEMENTS:
REFERENCES ON DATABASE::<name> REFERENCES ON SCHEMA::<name> REFERENCES ON OBJECT|TYPE|XML SCHEMA COLLECTION:<name> key (implied by any permission on the REFERENCES ON DATABASE::<name> REFERENCES ON CONTRACT::<name>
securityadmin role STATEMENTS: ALTER SYMMETRIC KEY
VIEW ANY DEFINITION VIEW DEFINITION ON DATABASE::<name> VIEW DEFINITION ON SCHEMA::<name> VIEW DEFINITION ON OBJECT|TYPE|XML SCHEMA COLLECTION::<name> key), and requires permission on the TAKE OWNERSHIP ON CONTRACT::<name>
ALTER LOGIN, sp_addlinkedsrvlogin DROP SYMMETRIC KEY
TAKE OWNERSHIP ON DATABASE::<name> TAKE OWNERSHIP ON SCHEMA::<name> TAKE OWNERSHIP ON OBJECT|TYPE|XML SCHEMA COLLECTION::<name> key encryption hierarchy. ALTER ANY DATABASE ALTER ON DATABASE::<name>
DROP LOGIN CREATE SYMMETRIC KEY CREATE SYMMETRIC KEY
VIEW ANY DATABASE RECEIVE ON OBJECT::<queue name>
CREATE LOGIN
SELECT ON OBJECT::<queue name> ALTER ANY CONTRACT ALTER ON CONTRACT::<name>
ALTER ANY DATABASE ALTER ON DATABASE::<name>
STATEMENTS:
CONNECT SQL ALTER ANY SCHEMA ALTER ON SCHEMA::<name> ALTER ON OBJECT|TYPE|XML SCHEMA COLLECTION::<name> Asymmetric Key Permissions DROP CONTRACT
Notes: CREATE SCHEMA CREATE SEQUENCE CREATE CONTRACT CREATE CONTRACT
The CREATE LOGIN statement creates a login and grants CONNECT SQL to that login. CONTROL SERVER CONTROL ON DATABASE::<name> CONTROL ON ASYMMETRIC KEY::<name>
OBJECT permissions apply to the following database objects:
Enabling a login (ALTER LOGIN <name> ENABLE) is not the same as granting CONNECT SQL permission. CREATE AGGREGATE
AGGREGATE
To map a login to a credential, see ALTER ANY CREDENTIAL. CREATE DEFAULT
DEFAULT
When contained databases are enabled, users can access SQL Server without a login. See database user CREATE FUNCTION
FUNCTION
permissions. CREATE PROCEDURE
CONTROL SERVER CONTROL ON DATABASE::<name> CONTROL ON ROUTE::<name>
PROCEDURE VIEW ANY DEFINITION VIEW DEFINITION ON DATABASE::<name> VIEW DEFINITION ON ASYMMETRIC KEY::<name>
To connect using a login you must have : CREATE QUEUE
QUEUE
o An enabled login CREATE RULE REFERENCES ON DATABASE::<name> REFERENCES ON ASYMMETRIC KEY::<name>
RULE
o CONNECT SQL CREATE SYNONYM
SYNONYM ALTER ANY DATABASE ALTER ON DATABASE::<name> TAKE OWNERSHIP ON ASYMMETRIC KEY::<name>
CONNECT for the database (if specified) CREATE TABLE
o VIEW ANY DEFINITION VIEW DEFINITION ON DATABASE::<name> VIEW DEFINITION ON ROUTE::<name>
TABLE
CREATE TYPE
TAKE OWNERSHIP ON ROUTE::<name>
CONTROL ON ENDPOINT::<name> VIEW
CREATE VIEW ALTER ANY ASYMMETRIC KEY ALTER ON ASYMMETRIC KEY::<name>
(All permissions do not apply to all objects. For example
CREATE XML SCHEMA COLLECTION
ALTER ANY DATABASE ALTER ON DATABASE::<name>
UPDATE only applies to tables and views.) Note: ADD SIGNATURE requires STATEMENTS:
VIEW ANY DEFINITION CONTROL permission on the key, and ALTER ASYMMETRIC KEY
CONNECT ON ENDPOINT::<name> ALTER ANY ROUTE ALTER ON ROUTE::<name>
requires ALTER permission on the DROP ASYMMETRIC KEY
TAKE OWNERSHIP ON ENDPOINT::<name>
STATEMENTS:
object. CREATE ASYMMETRIC KEY CREATE ASYMMETRIC KEY
VIEW DEFINITION ON ENDPOINT::<name>
ALTER ROUTE
ALTER ANY ENDPOINT ALTER ON ENDPOINT::<name> Notes: DROP ROUTE
To create a schema object (such as a table) you must have CREATE permission for that object type To drop an object (such as a table) you must have ALTER permission on the schema or CONTROL CREATE ROUTE CREATE ROUTE
STATEMENTS:
plus ALTER ON SCHEMA::<name> for the schema of the object. Might require REFERENCES ON permission on the object.
ALTER ENDPOINT
OBJECT::<name> for any referenced CLR type or XML schema collection. To create an index requires ALTER OBJECT::<name> permission on the table or view.
Certificate Permissions
DROP ENDPOINT
To alter an object (such as a table) you must have ALTER permission on the object (or schema), or To create or alter a trigger on a table or view requires ALTER OBJECT::<name> on the table or view.
CREATE ENDPOINT CREATE ENDPOINT CONTROL SERVER CONTROL ON DATABASE::<name> CONTROL ON CERTIFICATE::<name>
CONTROL permission on the object. To create statistics requires ALTER OBJECT::<name> on the table or view. CONTROL SERVER CONTROL ON DATABASE::<name> CONTROL ON MESSAGE TYPE::<name>

Server Role Permissions Full-text Permissions

VIEW ANY DEFINITION VIEW DEFINITION ON DATABASE::<name> VIEW DEFINITION ON CERTIFICATE::<name> VIEW ANY DEFINITION VIEW DEFINITION ON DATABASE::<name> VIEW DEFINITION ON MESSAGE TYPE::<name>
REFERENCES ON DATABASE::<name> REFERENCES ON MESSAGE TYPE::<name>
REFERENCES ON DATABASE::<name> REFERENCES ON CERTIFICATE::<name>
CONTROL SERVER CONTROL ON SERVER ROLE::<name> CONTROL ON SEARCH PROPERTY LIST::<name> TAKE OWNERSHIP ON MESSAGE TYPE::<name>
CONTROL SERVER CONTROL ON DATABASE::<name> CONTROL ON FULLTEXT STOPLIST::<name> ALTER ANY DATABASE ALTER ON DATABASE::<name> TAKE OWNERSHIP ON CERTIFICATE::<name> ALTER ANY DATABASE ALTER ON DATABASE::<name>
CONTROL ON FULLTEXT CATALOG::<name>
ALTER ANY MESSAGE TYPE ALTER ON MESSAGE TYPE::<name>
ALTER ANY CERTIFICATE ALTER ON CERTIFICATE::<name>
STATEMENTS:
VIEW ANY DEFINITION VIEW DEFINITION ON SERVER ROLE::<name>
VIEW DEFINITION ON SEARCH PROPERTY LIST::<name> STATEMENTS: ALTER MESSAGE TYPE
TAKE OWNERSHIP ON SERVER ROLE::<name>
VIEW ANY DEFINITION VIEW DEFINITION ON DATABASE::<name> VIEW DEFINITION ON FULLTEXT STOPLIST::<name> Note: ADD SIGNATURE requires ALTER CERTIFICATE DROP MESSAGE TYPE
ALTER ANY SERVER ROLE ALTER ON SERVER ROLE::<name> CONTROL permission on the certificate,
VIEW DEFINITION ON FULLTEXT CATALOG::<name> DROP CERTIFICATE CREATE MESSAGE TYPE CREATE MESSAGE TYPE
and requires ALTER permission on the
object. CREATE CERTIFICATE CREATE CERTIFICATE CREATE QUEUE
STATEMENTS: REFERENCES ON SEARCH PROPERTY LIST::<name>
ALTER SERVER ROLE <name> ADD MEMBER REFERENCES ON DATABASE::<name> REFERENCES ON FULLTEXT STOPLIST::<name> Notes:
DROP SERVER ROLE REFERENCES ON FULLTEXT CATALOG::<name> The user executing the CREATE CONTRACT statement must have REFERENCES permission on
CREATE SERVER ROLE CREATE SERVER ROLE all message types specified.
The user executing the CREATE SERVICE statement must have REFERENCES permission on
NOTES: To add a member to a fixed server role, you must be a member of TAKE OWNERSHIP ON FULLTEXT CATALOG::<name> TAKE OWNERSHIP ON FULLTEXT STOPLIST::<name> TAKE OWNERSHIP ON SEARCH PROPERTY LIST::<name> Database Scoped Credential Permissions the queue and all contracts specified.
To execute the CREATE or ALTER REMOTE SERVICE BINDING the user must have
that fixed server role, or be a member of the sysadmin fixed server role. impersonate permission for the principal specified in the statement.
ALTER ANY DATABASE ALTER ON DATABASE::<name> When the CREATE or ALTER MESSAGE TYPE statement specifies a schema collection, the user
CONTROL SERVER CONTROL ON DATABASE::<name> CONTROL ON DATABASE SCOPED CREDENTIAL::<name>
executing the statement must have REFERENCES permission on the schema collection
specified.
ALTER ON SEARCH PROPERTY LIST::<name> See the ALTER ANY EVENT NOTIFICATION chart for more permissions related to Service
Availability Group Permissions Broker.
ALTER ANY FULLTEXT CATALOG ALTER ON FULLTEXT STOPLIST::<name> See the SCHEMA OBJECTS chart for QUEUE permissions.
ALTER ON FULLTEXT CATALOG::<name> The ALTER CONTRACT permission exists but at this time there is no ALTER CONTRACT
CONTROL SERVER CONTROL ON AVAILABILITY GROUP::<name> statement.
VIEW ANY DEFINITION VIEW DEFINITION ON DATABASE::<name> VIEW DEFINITION ON DATABASE SCOPED CREDENTIAL ::<name>
STATEMENTS:
CREATE FULLTEXT CATALOG REFERENCES ON DATABASE::<name> REFERENCES ON DATABASE SCOPED CREDENTIAL ::<name>
ALTER FULLTEXT CATALOG
CREATE FULLTEXT CATALOG
STATEMENTS: TAKE OWNERSHIP ON DATABASE SCOPED CREDENTIAL ::<name>
Questions and comments to
ALTER FULLTEXT STOPLIST Rick.Byham@Microsoft.com
VIEW ANY DEFINITION STATEMENTS:
VIEW DEFINITION ON AVAILABILITY GROUP::<name> CREATE FULLTEXT STOPLIST
ALTER SEARCH PROPERTY LIST ALTER ON DATABASE SCOPED CREDENTIAL ::<name>
TAKE OWNERSHIP ON AVAILABILITY GROUP::<name>
ALTER ANY AVAILABILITY GROUP CREATE SEARCH PROPERTY LIST
ALTER ON AVAILABILITY GROUP::<name>
STATEMENTS:
STATEMENTS:
STATEMENTS: ALTER DATABASE SCOPED CREDENTIAL
DROP FULLTEXT CATALOG
ALTER AVAILABILITY GROUP DROP FULLTEXT STOPLIST
Notes: DROP DATABASE SCOPED CREDENTIAL January 19, 2017
Creating a full-text index requires ALTER permission on the table and REFERENCES permission on the full-text catalog. CREATE DATABASE SCOPED CREDENTIAL
DROP AVAILABILITY GROUP DROP FULLTEXT SEARCH PROPERTYLIST
CREATE AVAILABILITY GROUP
Dropping a full-text index requires ALTER permission on the table. 2017 Microsoft Corporation. All rights reserved.
CREATE AVAILABILITY GROUP