“Think individuals, groups, and processes in regards to principals; server, database, and objects of the database in regards to securable. Each has a set of permissions configured to reduce the SQL Server surface area” (Macauley, Caserio, Jones, and Guyer, 2017).

“Principals represent any of the types and characteristics below:

- Has a security identifier (SID)
- Can be arranged in a hierarchy
- Can be indivisible
  - Example: Windows login
- Can be a collection
  - Example: Windows group
- Entities that request SQL Server resources
- Exist at server level
  - SQL Server authentication login
  - Windows authentication login: Windows user/group
  - Azure AD authentication login: AD user/group
- Exist at database level
  - Database Users
  - Database/Application Role” (Macauley, Laudenschlager, and Guyer, 2017).

“Securable regulates authorization/system access. Access to the securable will be granted or denied permissions and in adding logins, users, or roles to access. The principal receives the permission to the securable and comes in three scopes: server, database, and schema. Server securable includes availability group, endpoint, login, server role, and database. Database securables include 10 securables ranging from application role to user. Schema securables include type, XML schema collection, and object class members” (Macauley and Guyer, 2016).

“All SQL Server securables have associated permissions granted to a principal managed at the server level and assigned to logins and server roles, but at database level assigned at user or database roles. There are a total of 237 permissions for SQL Server 2017 and SQL Database; SQL Server 2016 has 230, SQL Server 2014 has 219, SQL Server 2012 has 214, and SQL Server 2008 has 195 permissions. With use of GRANT, REVOKE, and DENY statements we are able to apply server level permissions to logins and database level permissions. Principals granted CONTROL can grant permissions to securable and the scope under that scope. Example: CONTROL on a database will mean permission on database, assemblies, schemas, and objects within databases. Other naming conventions include ALTER, ALTER ANY, TAKE OWNERSHIP, IMPERSONATE login/user, CREATE Server/Database, or Schema Securable, VIEW DEFINITION, REFERENCES” (Macauley, Pmasl, and Guyer, 2017).
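
The T-SQL below is an added example, not taken from the cited documentation. It applies GRANT, DENY, and REVOKE to principals at the server, schema, and object scopes, then audits which database principals hold the broad permissions named above. The names AppLogin, AppUser, ReportReaders, Sales, Sales.Orders, and DemoDb are hypothetical, and DemoDb is assumed to exist already.

```sql
-- Added example; every object name here is hypothetical.
USE master;
-- Server-level principal. The password is a placeholder to replace before running.
CREATE LOGIN AppLogin WITH PASSWORD = '<replace-with-strong-password>';
-- Server-level permissions are assigned to logins (or server roles).
GRANT VIEW SERVER STATE TO AppLogin;
GO

USE DemoDb;                                   -- assumed existing database
CREATE USER AppUser FOR LOGIN AppLogin;       -- database-level principal
CREATE ROLE ReportReaders;                    -- database role: a collection principal
ALTER ROLE ReportReaders ADD MEMBER AppUser;
GO
CREATE SCHEMA Sales;
GO
CREATE TABLE Sales.Orders (OrderId int PRIMARY KEY, CardNumber varchar(19));
GO

-- Schema scope: the grant covers every object contained in Sales.
GRANT SELECT ON SCHEMA::Sales TO ReportReaders;
-- Object scope: DENY takes precedence over the GRANT inherited through the role.
DENY SELECT ON OBJECT::Sales.Orders TO AppUser;
GO

-- Check the effective permissions from the user's own security context.
EXECUTE AS USER = 'AppUser';
SELECT HAS_PERMS_BY_NAME('Sales', 'SCHEMA', 'SELECT')        AS schema_select,
       HAS_PERMS_BY_NAME('Sales.Orders', 'OBJECT', 'SELECT') AS table_select;
REVERT;
GO

-- REVOKE removes a previously recorded GRANT or DENY; here it lifts the DENY,
-- so the schema-level grant through ReportReaders applies to the table again.
REVOKE SELECT ON OBJECT::Sales.Orders FROM AppUser;
GO

-- Audit: database principals holding permissions that imply many others.
SELECT pr.name            AS principal_name,
       pr.type_desc       AS principal_type,
       pe.class_desc      AS securable_class,
       pe.permission_name,
       pe.state_desc      AS grant_or_deny
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name IN (N'CONTROL', N'ALTER', N'TAKE OWNERSHIP', N'IMPERSONATE')
   OR pe.permission_name LIKE N'ALTER ANY%'
ORDER BY pr.name, pe.class_desc, pe.permission_name;
```

Running the audit query on a schedule and comparing its rows against an approved list is one way to catch permission creep; the server-level equivalents are sys.server_permissions and sys.server_principals.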