Tham khảo tài liệu 'mastering sql server 2000- p15', công nghệ thông tin, cơ sở dữ liệu phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả | 720 CHAPTER 18 SECURITY AND SQL SERVER 2000 you have a well-designed security plan that incorporates growth managing your user base can be a painless task. To limit administrative access to SQL Server at the server level you learned that you can add users to a fixed server role. For limiting access in a specific database you can add users to a database role and if one of the fixed database roles is not to your liking you can create your own. You can even go so far as to limit access to specific applications by creating an application role. Each database in SQL Server 2000 has its own independent permissions. You looked at the two types of user permissions statement permissions which are used to create or change the data structure and object permissions which manipulate data. Remember that statement permissions cannot be granted to other users. The next section in this chapter described the database hierarchy. You looked at the permissions available to the most powerful user the sa down through the lower-level database users. You then learned about chains of ownership. These are created when you grant permissions to others on objects you own. Adding more users who create dependent objects creates broken ownership chains which can become complex and tricky to work with. You learned how to predict the permissions available to users at different locations within these ownership chains. You also learned that to avoid the broken ownership chains you can add your users to either the db_owner or the db_ddladmin database role and have your users create objects as the DBO. Permissions can be granted to database users as well as database roles. When a user is added to a role they inherit the permissions of the role including the Public role of which everyone is a member. The only exception is when the user has been denied permission because Deny takes precedence over any other right no matter the level at which the permission was granted. We then looked at remote and linked .