SQL Server 2005 uses a very standard security model involves 3 concepts:

* Securables - Entities representing resources that need to be secured. For example, a database table is a securable.

* Principals - Entities representing users that request accesses to resources. For example, a login user is a principal.

* Permissions - Types of accesses associated with securables. Permissions can be granted to or revoked from principals. For example, "Update" is a permission associated a securable, table "R". "Update" on "R" can be granted to a principal, user "U". Now user "U" will get "Update" access on table "R".

In simple terms, a principal answers the security question of "Who are you?"; a securable answers the security question of "What is your target object?"; a permission answers the security question of "You are allowed to perform this action on this target object".

SQL Server 2005 supports multiple securables and multiple principals organized into hierarchical structures.