A Guide to Creating SQL Server 2012 User Accounts

How to Add a User to a SQL Server Database

computer code
Krzysztof Zmij / Getty Images

SQL Server 2012 provides a wide range of security features designed to protect the confidentiality, integrity, and availability of data stored in your enterprise databases. One of the most important tasks that database administrators perform is the implementation of role-based access control that limits the ability of users to retrieve and modify data in the database unless they have an explicit business need to do so.

This requires the identification of individual users through the use of named user accounts.

SQL Server provides two methods for creating database user accounts: Windows authentication or mixed mode, which supports Windows authentication and SQL Server authentication. In Windows authentication mode, you assign all database permissions to Windows accounts. This has the advantage of providing a single sign-on experience for users and of simplifying security management. In SQL Server (mixed mode) authentication, you can still assign rights to Windows users, but you can also create accounts that exist only in the context of the database server.

Generally speaking, it's best to use Windows authentication mode because it reduces the layers of complexity in your environment. By having a single source of user accounts, you can be more confident that users who leave the organization are fully de-provisioned.

However, it's not always possible to meet all of your authentication needs with domain accounts, so you may need to supplement them with local accounts designed to work only with SQL Server databases.

Creating a SQL Server 2012 Account

If you need to create a SQL Server account when using mixed mode authentication, follow this process for SQL Server 2012:

  1. Open SQL Server Management Studio.
  2. Connect to the SQL Server database where you want to create a login.
  3. Open the Security folder.
  4. Right-click on the Logins folder and select New Login.
  5. To assign rights to a Windows account, select Windows authentication. To create an account that exists only in the database, select SQL Server authentication.
  6. Provide the login name in the text box. You may use the Browse button to select an existing account if you chose Windows authentication.
  7. If you chose SQL Server authentication, you must also provide a strong password in both the Password and Confirmation text boxes.
  8. Customize the default database and language for the account, if desired, using the drop-down boxes at the bottom of the window.
  9. Click OK to create the account.

Advice for Account Creation

Here are some tips you should follow when creating SQL Server 2012 user accounts:

  • Be sure to use a strong password if you are creating a SQL Server login.
  • To remove an existing account (using either SQL Server authentication or Windows authentication), right-click on the account in the Logins folder, and select Delete.
  • Creating an account does not create database permissions. The next step of the process is to add permissions to the account.
  • SQL Server authentication is available only if you have selected mixed mode authentication for your SQL Server instance.
  • Whatever authentication mode you use, be sure to create accounts and assign user privileges with care. Security administration isn't the most glamorous of database administration tasks, but it's one that you want to be sure to get right.

Note: This article applies to SQL Server 2012. If you are using the earlier version SQL Server 2008, the procedure is the same, but be aware that Microsoft ceased support for SQL Server 2008 in 2014.