When users connect to an instance of Microsoft® SQL Server™, the activities they can perform are determined by the permissions granted to:
The user must have the appropriate permissions to perform any activity that involves changing the database definition or accessing data.
Managing permissions includes granting or revoking user rights to:
Working with data or executing a procedure requires a class of permissions known as object permissions:
Activities involved in creating a database or an item in a database, such as a table or stored procedure, require a different class of permissions called statement permissions. For example, if a user must be able to create a table within a database, then grant the CREATE TABLE statement permission to the user. Statement permissions, such as CREATE DATABASE, are applied to the statement itself, rather than to a specific object defined in the database.
Statement permissions are:
Implied permissions control those activities that can be performed only by members of predefined system roles or owners of database objects. For example, a member of the sysadmin fixed server role inherits automatically full permission to do or see anything in a SQL Server installation.
Database object owners also have implied permissions that allow them to perform all activities with the object they own. For example, a user who owns a table can view, add, or delete data, alter the table definition, or control permissions that allow other users to work with the table.