The user IDs can be added or removed using which of the following fixed roles?
2023
The user IDs can be added or removed using which of the following fixed roles?
- A.
db_sysadmin
- B.
db_accessadmin
- C.
db_securityadmin
- D.
More than one of the above
- E.
None of the above
Attempted by 40 students.
Show answer & explanation
Correct answer: B
Concept
SQL Server provides built-in fixed database roles, each scoped to one administrative responsibility. Managing who is permitted to connect to a database — that is, adding or removing database access (user IDs) for logins — is the job of one specific role, separate from managing data, security objects, or server-level administration.
Applying it here
The phrase “add or remove user IDs” maps to managing a login’s access to the database. By definition, db_accessadmin members can add or remove database access for Windows logins, Windows groups, and SQL Server logins (for example via CREATE USER / DROP USER). So the role that adds or removes user IDs is db_accessadmin.
Contrast with the other roles
db_sysadmin— not a standard fixed database role; the powerful database-level role isdb_owner, whilesysadminis a server-level (not database) role, so neither matches “add or remove user IDs”.db_securityadmin— manages permissions and role membership (GRANT/DENY, adding members to roles), but does not add or remove the database users themselves.“More than one of the above” — only a single listed role owns this responsibility, so this does not apply.
“None of the above” — incorrect, because a listed role (
db_accessadmin) does have exactly this capability.
Result
The fixed role used to add or remove user IDs (database access) is db_accessadmin.