Why public is not mentioned as a fixed role in system database in SQL Server?
Why public is not mentioned as a fixed role in system database in SQL Server?
While running
select * from sys.server_principals
for public role, in the column is_fixed_role is shown 0
public
is_fixed_role
But the documentation states that it is a fixed server role.
Documentation Link
Although it is stated that public is a little bit different from other roles because we can assign permissions to it. Anyway it is mentioned as a fixed role.
Can anyone explain this dilemma?
sys.database_principals
sys.server_principals
public
Ok, thanks. I'll post there too
– Eleonora Grigoryan
Aug 31 at 14:14
2 Answers
2
One reason that I can think of why public is NOT a fixed role - is_fixed_role is that the permissions can be changed.
why public is NOT a fixed role - is_fixed_role
From BOL:
The permissions that are granted to the fixed server roles (except public) cannot be changed.
Only assign public permissions on any object when you want the object to be available to all users.
Note: public is implemented differently than other roles, and permissions can be granted, denied, or revoked from the public fixed server roles.
the other fixed server roles permissions cannot be changed.
Public is just an odd duck.
But to apply some retroactive continuity to the documentation you might say that all these built in roles are "fixed" or unchangeable in ways that normal roles are not. The roles marked as is_fixed_role have fixed permissions and changeable membership. Public has fixed membership (everyone) and changeable permissions.
is_fixed_role
The column in sys.server_principals and sys.database_principals should be documented to clarify this.
Thanks for contributing an answer to Database Administrators Stack Exchange!
But avoid …
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
But avoid …
To learn more, see our tips on writing great answers.
Required, but never shown
Required, but never shown
By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.
Just for clarity,
sys.database_principalsshows database level things like users, so when checking server level things like logins, you should checksys.server_principals. That won't help here though, becausepublicis also marked as non-fixed there. I'm not sure that it matters - you can't really do anything with the public role whether it's truly fixed or not (e.g. I'm not sure if the docs are wrong or the view is, but I would just post a question on the documentation).– Aaron Bertrand♦
Aug 31 at 14:11