After you create a TencentDB for SQL Server instance, you can create different database accounts to allocate and manage databases based on your business needs.
You can create different types of accounts with different permissions for both TencentDB for SQL Server two-node (formerly High Availability/Cluster Edition) and single-node (formerly Basic Edition) instances. This document describes the supported types of accounts and their permissions.
Note
TencentDB for SQL Server launched the new database account and permission logic on February 9, 2023. For the mappings between old and new account types and permissions, see Account Type and Permission Changes.
Account types and permissions for two-node (formerly High Availability/Cluster Edition) instances
Instance Architecture | Account Types | Database permissions | Role Description |
Two-node (formerly High Availability/Cluster Edition) | Privileged account | Instance admin account, which has the owner permissions of all databases by default. | Server-level roles: securityadmin, processadmin, dbcreator; Database-level roles: db_owner |
Two-node (formerly High Availability/Cluster Edition) | Standard account | Owner | Server-level roles: securityadmin, processadmin, dbcreator; Database-level roles: db_owner |
Two-node (formerly High Availability/Cluster Edition) | Standard account | Read-write | Server-level roles: securityadmin, processadmin, dbcreator; Database-level roles: db_reader, db_writer |
Two-node (formerly High Availability/Cluster Edition) | Standard account | Read-only | Server-level roles: securityadmin, processadmin, dbcreator; Database-level roles: db_reader |
Two-node (formerly High Availability/Cluster Edition) | Special Permissions Account | The designated account can only see the specified database and has owner permissions for that database only. A designated account can be authorized to multiple databases, but a database can be authorized to only one designated account. | Server-level roles: securityadmin, processadmin, dbcreator; Database-level roles: db_owner |
Account types and permissions for single-node (formerly Basic Edition) instances
Instance Architecture | Account Types | Database permissions | Role Description |
Single-node (formerly Basic Edition) | Privileged Account | Instance admin account, which has the highest-level sysadmin permission and the owner permissions of all databases. After the admin account is enabled, the product SLA will no longer be guaranteed. | Server-level roles: sysadmin; Database-level roles: db_owner |
Single-node (formerly Basic Edition) | Privileged account | It has the owner permissions of all databases by default. | Server-level roles: securityadmin, processadmin, dbcreator; Database-level roles: db_owner |
Single-node (formerly Basic Edition) | Standard account | Owner | Server-level roles: securityadmin, processadmin, dbcreator; Database-level roles: db_owner |
Single-node (formerly Basic Edition) | Standard account | Read-write | Server-level roles: securityadmin, processadmin, dbcreator; Database-level roles: db_reader, db_writer |
Single-node (formerly Basic Edition) | Standard account | Read-only | Server-level roles: securityadmin, processadmin, dbcreator; Database-level roles: db_reader |
Single-node (formerly Basic Edition) | Special Permissions Account | The designated account can only see the specified database and has owner permissions for that database only. A designated account can be authorized to multiple databases, but a database can be authorized to only one designated account. | Server-level roles: securityadmin, processadmin, dbcreator; Database-level roles: db_owner |
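To check what an account actually holds against the role mappings in the tables above, the role memberships can be read from the standard SQL Server catalog views. The following T-SQL is an added example, not part of the TencentDB documentation; it assumes the login running it has enough metadata visibility on the instance to see other principals, and it reports role names as the engine returns them.

```sql
-- Added example: audit role memberships for comparison with the tables above.

-- Part 1: server-level roles held by each login.
SELECT  l.name      AS login_name,
        l.type_desc AS login_type,
        r.name      AS server_role
FROM    sys.server_role_members AS m
JOIN    sys.server_principals   AS r ON r.principal_id = m.role_principal_id
JOIN    sys.server_principals   AS l ON l.principal_id = m.member_principal_id
WHERE   l.type IN ('S', 'U', 'G')   -- SQL login, Windows login, Windows group
ORDER BY l.name, r.name;

-- Part 2: database-level roles in the current database, mapped back to logins.
-- Run once per database after switching to it with USE.
SELECT  DB_NAME()          AS database_name,
        SUSER_SNAME(u.sid) AS login_name,
        u.name             AS database_user,
        r.name             AS database_role
FROM    sys.database_role_members AS m
JOIN    sys.database_principals   AS r ON r.principal_id = m.role_principal_id
JOIN    sys.database_principals   AS u ON u.principal_id = m.member_principal_id
WHERE   u.type IN ('S', 'U', 'G')   -- SQL user, Windows user, Windows group
ORDER BY login_name, r.name;

-- Part 3: logins that hold sysadmin. Per the single-node table, only the
-- admin account is documented with this role, and enabling it voids the SLA,
-- so any row here deserves a review.
SELECT  name AS login_name
FROM    sys.server_principals
WHERE   type IN ('S', 'U', 'G')
  AND   IS_SRVROLEMEMBER('sysadmin', name) = 1
ORDER BY name;
```

Built-in and service logins will also appear in the output; compare only the accounts created through the console against the documented mappings.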