Академический Документы
Профессиональный Документы
Культура Документы
1 of 5
https://technet.microsoft.com/en-us/library/aa337562(v=sql.110).aspx
Create a Login
SQL Server 2012
This topic describes how to create a login in SQL Server 2012 by using SQL Server Management Studio or Transact-SQL. A login is the identity of the person or
process that is connecting to an instance of SQL Server.
In This Topic
Background
A login is a security principal, or an entity that can be authenticated by a secure system. Users need a login to connect to SQL Server. You can create a login based
on a Windows principal (such as a domain user or a Windows domain group) or you can create a login that is not based on a Windows principal (such as an SQL
Server login).
Note
To use SQL Server Authentication, the Database Engine must use mixed mode authentication. For more information, see Choose an Authentication Mode.
As a security principal, permissions can be granted to logins. The scope of a login is the whole Database Engine. To connect to a specific database on the instance
of SQL Server, a login must be mapped to a database user. Permissions inside the database are granted and denied to the database user, not the login.
Permissions that have the scope of the whole instance of SQL Server (for example, the CREATE ENDPOINT permission) can be granted to a login.
Security
Permissions
Requires ALTER ANY LOGIN or ALTER LOGIN permission on the server.
[Top]
30-Mar-15 2:24 AM
Create a Login
2 of 5
https://technet.microsoft.com/en-us/library/aa337562(v=sql.110).aspx
4. To create a login based on a Windows principal, select Windows authentication. This is the default selection.
5. To create a login that is saved on a SQL Server database, select SQL Server authentication.
a. In the Password box, enter a password for the new user. Enter that password again into the Confirm Password box.
b. When changing an existing password, select Specify old password, and then type the old password in the Old password box.
c. To enforce password policy options for complexity and enforcement, select Enforce password policy. For more information, see Password Policy.
This is a default option when SQL Server authentication is selected.
d. To enforce password policy options for expiration, select Enforce password expiration. Enforce password policy must be selected to enable this
checkbox. This is a default option when SQL Server authentication is selected.
e. To force the user to create a new password after the first time the login is used, select User must change password at next login. Enforce
password expiration must be selected to enable this checkbox. This is a default option when SQL Server authentication is selected.
6. To associate the login with a stand-alone security certificate, select Mapped to certificate and then select the name of an existing certificate from the list.
7. To associate the login with a stand-alone asymmetric key, select Mapped to asymmetric key to, and then select the name of an existing key from the list.
8. To associate the login with a security credential, select the Mapped to Credential check box, and then either select an existing credential from the list or
click Add to create a new credential. To remove a mapping to a security credential from the login, select the credential from Mapped Credentials and click
Remove. For more information about credentials in general, see Credentials (Database Engine).
9. From the Default database list, select a default database for the login. Master is the default for this option.
10. From the Default language list, select a default language for the login.
11. Click OK.
Additional Options
The Login New dialog box also offers options on four additional pages: Server Roles, User Mapping, Securables, and Status.
Server Roles
The Server Roles page lists all possible roles that can be assigned to the new login. The following options are available:
User Mapping
The User Mapping page lists all possible databases and the database role memberships on those databases that can be applied to the login. The databases
selected determine the role memberships that are available for the login. The following options are available on this page:
30-Mar-15 2:24 AM
Create a Login
3 of 5
https://technet.microsoft.com/en-us/library/aa337562(v=sql.110).aspx
Specify a database user to map to the login. By default, the database user has the same name as the login.
Default Schema
Specifies the default schema of the user. When a user is first created, its default schema is dbo. It is possible to specify a default schema that does not yet
exist. You cannot specify a default schema for a user that is mapped to a Windows group, a certificate, or an asymmetric key.
Guest account enabled for: database_name
Read-only attribute indicating whether the Guest account is enabled on the selected database. Use the Status page of the Login Properties dialog box of
the Guest account to enable or disable the Guest account.
Database role membership for: database_name
Select the roles for the user in the specified database. All users are members of the public role in every database and cannot be removed. For more
information about database roles, see Database-Level Roles.
Securables
The Securables page lists all possible securables and the permissions on those securables that can be granted to the login. The following options are available on
this page:
Upper Grid
Contains one or more items for which permissions can be set. The columns that are displayed in the upper grid vary depending on the principal or
securable.
To add items to the upper grid:
1. Click Search.
2. In the Add Objects dialog box, select one of the following options: Specific objects, All objects of the types, or The server server_name. Click
OK.
Note
Selecting The server server_name automatically fills the upper grid with all of that servers' securable objects.
Status
The Status page lists some of the authentication and authorization options that can be configured on the selected SQL Server login.
The following options are available on this page:
30-Mar-15 2:24 AM
Create a Login
4 of 5
https://technet.microsoft.com/en-us/library/aa337562(v=sql.110).aspx
[Top]
Using Transact-SQL
To create a login using Windows Authentication
1. In Object Explorer, connect to an instance of Database Engine.
2. On the Standard bar, click New Query.
3. Copy and paste the following example into the query window and click Execute.
-- Create a login for SQL Server by specifying a server name and a Windows domain account name.
CREATE LOGIN [<domainName>\<loginName>] FROM WINDOWS;
GO
-- Creates the user "shcooper" for SQL Server using the security credential "RestrictedFaculty"
-- The user login starts with the password "Baz1nga," but that password must be changed after the first login.
CREATE LOGIN shcooper
WITH PASSWORD = 'Baz1nga' MUST_CHANGE,
CREDENTIAL = RestrictedFaculty;
GO
[Top]
30-Mar-15 2:24 AM
Create a Login
5 of 5
https://technet.microsoft.com/en-us/library/aa337562(v=sql.110).aspx
Community Additions
2015 Microsoft
30-Mar-15 2:24 AM