- 6 minutes to read
Applies to: SQL Server (all supported versions) Azure SQL Database Azure SQL Managed Instance Azure Synapse Analytics Analytics Platform System (PDW)
This topic describes how to create the most common types of database users. There are eleven types of users. The complete list is provided in the topic CREATE USER (Transact-SQL). All varieties of SQL Server support database users, but not necessarily all types of users.
You can create a database user by using SQL Server Management Studio or by using Transact-SQL.
Understanding the Types of Users
Management Studio presents 6 options when creating a database user. The following graphic shows the 6 options in the green box, and indicates what they represent.
Selecting the Type of User
Login or user that is not mapped to a login
If you are new to SQL Server, it can be difficult to determine what type of user you want to create. First ask yourself, does the person or group that needs to access the database have a login? Logins in the master database are common for the people who manage the SQL Server and for people who need to access many or all of the database on the instance of SQL Server. For this situation, you will create a SQL user with login. The database user is the identity of the login when it is connected to a database. The database user can use the same name as the login, but that is not required. This topic assumes that a login already exists in SQL Server. For information about how to create a login, see Create a Login
If the person or group that needs to access the database does not have a login and if they only need access to one or few databases, create a Windows user or a SQL user with password. Also called a contained database user, it is not associated with a login in the master database. This is an excellent choice when you want to be able to easily move your database between instances of SQL Server. To use this option on SQL Server 2016 (13.x), an administrator must first enable contained databases for the SQL Server, and the database be enabled for containment. For more information, see Contained Database Users - Making Your Database Portable.
When connecting as a contained database user you must provide the name of the database as part of the connection string. To specify the database in Management Studio, in the Connect to dialog box, click Options, and then click the Connection Properties tab.
Select SQL user with password or a SQL user with login based on a SQL Server authentication login, when the person connecting cannot authenticate with Windows. This is common when people outside of your organization (for example customers) are connecting to your SQL Server.
For people inside your organization, Windows authentication is a better choice, because they won't have to remember an additional password, and because Windows authentication offers additional security features such as Kerberos.
A user is a database level security principal. Logins must be mapped to a database user to connect to a database. A login can be mapped to different databases as different users but can only be mapped as one user in each database. In a partially contained database, a user can be created that does not have a login. For more information about contained database users, see CREATE USER (Transact-SQL). If the guest user in a database is enabled, a login that is not mapped to a database user can enter the database as the guest user.
The guest user is ordinarily disabled. Do not enable the guest user unless it is necessary.
As a security principal, permissions can be granted to users. The scope of a user is the database. To connect to a specific database on the instance of SQL Server, a login must be mapped to a database user. Permissions inside the database are granted and denied to the database user, not the login.
Requires ALTER ANY USER permission on the database.
Create a user with SSMS
In Object Explorer, expand the Databases folder.
Expand the database in which to create the new database user.
Right-click the Security folder, point to New, and select User....
In the Database User - New dialog box, on the General page, select one of the following user types from the User type list:
SQL user with loginSee AlsoSet-User (ExchangePowerShell)
SQL user with password
SQL user without login
User mapped to a certificate
User mapped to an asymmetric key
Windows user(Video) MS SQL Server 2019 | How to create Database, SQL Login and User
When you select an option, the remaining options in the dialog may change. Some options only apply to specific types of database users. Some options can be left blank and will use a default value.
Enter a name for the new user. If you have chosen Windows user from the User type list, you can also click the ellipsis (...) to open the Select User or Group dialog box.
Enter the login for the user. Alternately, click the ellipsis (...) to open the Select Login dialog box. Login name is available if you select either SQL user with login or Windows user from the User type list.
Password and Confirm password
Enter a password for users who authenticate at the database.
Enter the default language of the user.
Enter the schema that will own objects created by this user. Alternately, click the ellipsis (...) to open the Select Schema dialog box. Default schema is available if you select either SQL user with login, SQL user without login, or Windows user from the User type list.
Enter the certificate to be used for the database user. Alternately, click the ellipsis (...) to open the Select Certificate dialog box. Certificate name is available if you select User mapped to a certificate from the User type list.
Asymmetric key name
Enter the key to be used for the database user. Alternately, click the ellipsis (...) to open the Select Asymmetric Key dialog box. Asymmetric key name is available if you select User mapped to an asymmetric key from the User type list.
The Database User - New dialog box also offers options on four additional pages: Owned Schemas, Membership, Securables, and Extended Properties.
The Owned Schemas page lists all possible schemas that can be owned by the new database user. To add schemas to or remove them from a database user, under Schemas owned by this user, select or clear the check boxes next to the schemas.(Video) SQL Server DBA Tutorial 69-How to Create Contained Database User in SQL Server
The Membership page lists all possible database membership roles that can be owned by the new database user. To add roles to or remove them from a database user, under Database role membership, select or clear the check boxes next to the roles.
The Securables page lists all possible securables and the permissions on those securables that can be granted to the login.
The Extended properties page allows you to add custom properties to database users. The following options are available on this page.
Displays the name of the selected database. This field is read-only.
Displays the collation used for the selected database. This field is read-only.
View or specify the extended properties for the object. Each extended property consists of a name/value pair of metadata associated with the object.
Click the ellipsis (...) after Value to open the Value for Extended Property dialog box. Type or view the value of the extended property in this larger location. For more information, see Value for Extended Property Dialog Box.
Removes the selected extended property.
Create a user using T-SQL
In Object Explorer, connect to an instance of Database Engine.
On the Standard bar, click New Query.
Copy and paste the following example into the query window and click Execute.(Video) How to Create MS SQL Database Using SQL Server Management Studio - For Beginners
-- Creates the login AbolrousHazem with password '340$Uuxwp7Mcxo7Khy'. CREATE LOGIN AbolrousHazem WITH PASSWORD = '340$Uuxwp7Mcxo7Khy'; GO -- Creates a database user for the login created above. CREATE USER AbolrousHazem FOR LOGIN AbolrousHazem; GO
For more information, see CREATE USER (Transact-SQL) which contains many more Transact-SQL examples.
Principals (Database Engine)
Create a Login
CREATE LOGIN (Transact-SQL)
Expand the database in which to create the new database user. Right-click the Security folder, point to New, and select User.... In the Database User - New dialog box, on the General page, select one of the following user types from the User type list: SQL user with login.What is the command to create a user in SQL? ›
- Log in to SQL *Plus: sqlplus '/ as sysdba'
- Create a new user with an administrator password: create user user_name identified by admin_password ; ...
- Assign the sysdba privilege to the new Oracle user: grant sysdba to user_name ;
- Start SQL Server. ...
- Expand server_name, and then expand Security. ...
- Right-click Logins, and then click New Login.
- Enter a user name for SQL Server. ...
- Enter a password. ...
- Select the Microsoft Forecaster database. ...
- Grant access to the Microsoft Forecaster database. ...
- Click OK.
In Object Explorer, expand the server where you want to create the new server role. Expand the Security folder. Right-click the Server Roles folder and select New Server Role.... In the New Server Role -server_role_name dialog box, on the General page, enter a name for the new server role in the Server role name box.How can I create my own user? ›
- Select Start > Settings > Accounts and then select Family & other users. ...
- Next to Add other user, select Add account.
- Select I don't have this person's sign-in information, and on the next page, select Add a user without a Microsoft account.
Database users are granted access to read, insert, update, and delete specific objects that define a set of fields and business rules. These objects can also update one or more database tables. In the Users application, you use the Database Access action to create database users.What is the command to create user? ›
GOTO CMD(Command Prompt) Run as Administrator. Type command “ net user username /add ” or “ net user username password /add ” New user with the specified username will be added.What command is used to create users? ›
The useradd command creates a new user account. The login parameter must be a unique string (its length is can be configured by administrators using the chdev command). You cannot use the ALL or default keywords in the user name. The useradd command does not create password information for a user.What is the syntax to create user? ›
CREATE USER username IDENTIFIED BY password [DEFAULT TABLESPACE tablespace_name] [TEMPORARY TABLESPACE temp_ts_name] [QUOTA UNLIMITED|size ON tablespace_name] [PROFILE user_profile] [PASSWORD EXPIRE] [ACCOUNT LOCK|UNLOCK]; Note: Attributes in brackets are optional and are assigned default values when omitted.What is the difference between login and user in SQL Server? ›
A login provides to a user or application the ability to connect to a SQL Server instance, whereas a database user provides the login rights to access a database. Each database a login needs access to will require a database user to be defined, except when a login has been given sysadmin rights.
The sa login, short for system administrator, is one of the riskiest server-level principals in SQL Server. It's automatically added as a member of the sysadmin fixed server role and, as such, has all permissions on that instance and can perform any activity.How do I create a login authentication? ›
- A client requests access to a protected resource.
- The Web server returns a dialog box that requests the user name and password.
- The client submits the user name and password to the server.
- The server validates the credentials and, if successful, returns the requested resource.
- Creating and Assigning a Role – First, the (Database Administrator)DBA must create the role. ...
- Syntax – CREATE ROLE manager; Role created. ...
- Grant privileges to a role – ...
- Grant a role to users. ...
- Revoke privilege from a Role : REVOKE create table FROM manager;
- Drop a Role : DROP ROLE manager;
- Explanation –
To add and remove users to a database role, use the ADD MEMBER and DROP MEMBER options of the ALTER ROLE statement.What are user roles in SQL Server? ›
SQL Server roles lets you group user logins together and manage server-level permissions. They play a central part in SQL Server security. SQL Server has two types of roles: Fixed server roles, which are built into SQL Server, and do not allow you to modify permissions or user-defined roles.How do you create a user account manually? ›
- To open User Accounts, click the Start button. ...
- Click Manage another account. ...
- Click Create a new account.
- Type the name you want to give the user account, click an account type, and then click Create Account.
- Local User Profiles. A local user profile is created the first time that a user logs on to a computer. ...
- Roaming User Profiles. A roaming user profile is a copy of the local profile that is copied to, and stored on, a server share. ...
- Mandatory User Profiles. ...
- Temporary User Profiles.
- Select Start > Settings > Accounts > Family & other users.
- Under Other users > Add other user, select Add account.
- Enter that person's Microsoft account information and follow the prompts.
- Database Administrators (DBA)
- Database Designers.
- System Analysts.
- Application Programmers.
- Naive Users / Parametric Users.
- Sophisticated Users.
- Casual Users / Temporary Users.
users command in Linux system is used to show the user names of users currently logged in to the current host. It will display who is currently logged in according to FILE. If the FILE is not specified, use /var/run/utmp. /var/log/wtmp as FILE is common.Is create user a DDL command? ›
Use the following DDL commands to manage users in the system: CREATE USER. ALTER USER. DROP USER.
Grant command is used to give users permission for a particular action. Permission can be given for any data object. Grant command is a part of Data Controlling Language (DCL). Permissions can also be propagated using the "with grant" option clause from one user to another.What is create user command in MySQL? ›
The CREATE USER statement creates new MySQL accounts. It enables authentication, role, SSL/TLS, resource-limit, password-management, comment, and attribute properties to be established for new accounts. It also controls whether accounts are initially locked or unlocked.How can you create a user without useradd command? ›
Follow these steps to create a user without using useradd command in Red Hat Linux. # passwd user Changing password for user user. New password: Retype new password: passwd: all authentication tokens updated successfully. You should see [user@test ~]$ instead of -bash-4.1$ prompt.Which statement creates a new user? ›
The CREATE USER statement creates a new user account in a database.Can we create user without login in SQL Server? ›
The same Management Studio dialog used to create "normal" users can be used to create a user without login.What is difference between schema and user in SQL Server? ›
In a SQL database, a schema is a list of logical structures of data. A database user owns the schema, which has the same name as the database manager. As of SQL Server 2005, a schema is an individual entity (container of objects) distinct from the user who constructs the object.How to get current user in SQL Server? ›
CURRENT_USER() Function in SQL Server
This function in SQL Server is used to return the current user's name in the database of SQL Server in use. Features : This function is used to find the current user's name. This function comes under Advanced Functions.
- Access command line and enter MySQL server: mysql.
- The script will return this result, which verifies that you are accessing a MySQL server. mysql>
- Then, execute the following command: CREATE USER 'new_user'@'localhost' IDENTIFIED BY 'password';
- Open the Server Manager, go to the Tools menu and select Active Directory Users and Computers.
- Expand the domain and click Users.
- Right-click on the right pane and press New > User.
- When the New Object-User box displays enter a First name, Last name, User logon name, and click Next.
- Enter a password and press Next.