- "groups [SQL Server], roles"

author: VanMSFT

ms.author: vanto

ms.custom: FY22Q2Fresh

ms.date: 12/16/2021

monikerRange: ">=aps-pdw-2016||=azuresqldb-current||=azure-sqldw-latest||>=sql-server-2016||>=sql-server-linux-2017||=azuresqldb-mi-current"

|**db_securityadmin**|Members of the **db_securityadmin** fixed database role can modify role membership for custom roles only and manage permissions. Members of this role can potentially elevate their privileges and their actions should be monitored.|

|**db_accessadmin**|Members of the **db_accessadmin** fixed database role can add or remove access to the database for Windows logins, Windows groups, and [!INCLUDE[ssNoVersion](../../../includes/ssnoversion-md.md)] logins.|

|**db_backupoperator**|Members of the **db_backupoperator** fixed database role can back up the database.|

|**db_datawriter**|Members of the **db_datawriter** fixed database role can add, delete, or change data in all user tables.|

|**db_datareader**|Members of the **db_datareader** fixed database role can read all data from all user tables and views. User objects can exist in any schema except *sys* and *INFORMATION_SCHEMA*. |

|**db_denydatawriter**|Members of the **db_denydatawriter** fixed database role cannot add, modify, or delete any data in the user tables within a database.|

- [Security Functions (Transact-SQL)](../../../t-sql/functions/security-functions-transact-sql.md)

- [Securing SQL Server](../../../relational-databases/security/securing-sql-server.md)

- [sp_helprotect (Transact-SQL)](../../../relational-databases/system-stored-procedures/sp-helprotect-transact-sql.md)