Account Types and Permissions
Last updated: 2025-10-11 10:28:08
After creating an SQL Server instance, you can create different database accounts under the instance and assign different accounts for database management according to business needs.
TencentDB for SQL Server supports the creation of various account types, with the corresponding permissions configured for each type. This document introduces the account types and the permissions supported by the TencentDB for SQL Server instances.
Note:
TencentDB for SQL Server launched the new database account and permission logic on February 9, 2023. For the mappings between old and new account types and permissions, see Account Type and Permission Changes.
The msdb database has security risks. Therefore, the system has temporarily revoked its permissions. If your business needs to use this database, submit a ticket for application.
Account Types and Permissions for Two-Node (Formerly HA/Cluster Edition) and Multi-node Instances
Instance Architecture | Account Type | Database Permission | Table Permission Description | Role Description |
Two-node (formerly HA/Cluster Edition) and multi-node | Privileged account | Instance admin account, which has the owner permissions of all databases by default. | Table-level authorization is supported. For grantable table permissions, see Modifying Account Permissions. | Server-level roles: processadmin dbcreator Database-level roles: rdb_owner |
| Standard account | Owner | Table-level authorization is supported. For grantable table permissions, see Modifying Account Permissions. | Server-level roles: processadmin dbcreator Database-level roles: db_owner |
| | Read/Write | | Server-level roles: processadmin dbcreator Database-level roles: db_reader db_writer |
| | Read-only | | Server-level roles: processadmin dbcreator Database-level roles: db_reader |
| Designated account | A designated account can only view and own the specified database. A designated account can be authorized to multiple databases, but a database can be authorized to only one designated account. | Table-level authorization is not supported. | Server-level roles: processadmin dbcreator Database-level roles: db_owner |
Account types and permissions for single-node (formerly Basic Edition) instances
Instance Architecture | Account Type | Database Permission | Table Permission Description | Role Description |
Single-node (formerly Basic Edition) | Admin account | Instance admin account, which has the highest-level sysadmin permission and the owner permissions of all databases. After the admin account is enabled, the product SLA will no longer be guaranteed. | Table-level authorization is not supported. | Server-level roles: sysadmin sysadmin Databaseoles: db_owner |
| Privileged account | It has the owner permissions of all databases by default. | Table-level authorization is supported. For grantable table permissions, see Modifying Account Permissions. | Server-level roles: processadmin dbcreator Database-level roles: db_owner |
| Standard account | Owner | Table-level authorization is supported. For grantable table permissions, see Modifying Account Permissions. | Server-level roles: processadmin dbcreator Database-level roles: db_owner |
| | Read/Write | | Server-level roles: processadmin dbcreator Database-level roles: db_reader db_writer |
| | Read-only | | Server-level roles: processadmin dbcreator Database-level roles: db_reader |
| Designated account | A designated account can only view and own the specified database. A designated account can be authorized to multiple databases, but a database can be authorized to only one designated account. | Table-level authorization is not supported. | Server-level roles: processadmin dbcreator Database-level roles: db_owner |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback