{"id":7203,"date":"2026-03-31T15:35:46","date_gmt":"2026-03-31T20:35:46","guid":{"rendered":"https:\/\/andreas-wolter.com\/?p=7203"},"modified":"2026-04-16T18:48:17","modified_gmt":"2026-04-16T23:48:17","slug":"2603_sqlserver2025_newpermissions","status":"publish","type":"post","link":"https:\/\/andreas-wolter.com\/en\/2603_sqlserver2025_newpermissions\/","title":{"rendered":"New Permissions in SQL Server 2025"},"content":{"rendered":"\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-m0cxh8ps-b4939ef10fd42c3cc866a9c1c1d2f282\">\n#top .av-special-heading.av-m0cxh8ps-b4939ef10fd42c3cc866a9c1c1d2f282{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-m0cxh8ps-b4939ef10fd42c3cc866a9c1c1d2f282 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-m0cxh8ps-b4939ef10fd42c3cc866a9c1c1d2f282 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-m0cxh8ps-b4939ef10fd42c3cc866a9c1c1d2f282 av-special-heading-h3 blockquote modern-quote  avia-builder-el-0  el_before_av_textblock  avia-builder-el-first '><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >New Permissions in SQL Server 2025<\/h3><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div>\r\n\r\n<section  class='av_textblock_section av-m0cxgkjy-c935304b4106b45214698f40e83a9894 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>This article provides a brief overview of the new permissions introduced with SQL Server 2025 and the few adjustments to existing ones.<\/p>\n<p>Overall, the changes are subtle &#8211; which is not surprising. The past couple of years have focused heavily on SQL Database in Fabric, Entra ID integration, and incremental improvements rather than major changes to the core permission model.<\/p>\n<p>All newly introduced permissions are tied to new functionality. The underlying permission model itself remains unchanged since its last significant evolution in SQL Server 2022.<\/p>\n<p>If you haven\u2019t explored those changes yet, I recommend revisiting:<\/p>\n<ul>\n<li><a href=\"https:\/\/techcommunity.microsoft.com\/t5\/sql-server-blog\/new-granular-permissions-for-sql-server-2022-and-azure-sql-to\/ba-p\/3607507\" target=\"_blank\" rel=\"noopener\">New granular permissions for SQL Server 2022 and Azure SQL to improve adherence with PoLP<\/a><\/li>\n<li><a href=\"https:\/\/techcommunity.microsoft.com\/blog\/azuresqlblog\/revamped-sql-permission-system-for-principle-of-least-privilege-and-external-pol\/3639399\" target=\"_blank\" rel=\"noopener\">Revamped SQL Permission system for Principle of Least Privilege and external policies \u2013 internals<\/a><\/li>\n<\/ul>\n<h2>New Permissions in SQL Server 2025<\/h2>\n<p>The following permissions have been introduced:<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"94\"><strong>Class<\/strong><\/td>\n<td width=\"129\"><strong>Permission name<\/strong><\/td>\n<td width=\"129\"><strong>Covering permission name<\/strong><\/td>\n<td width=\"92\"><strong>Parent class<\/strong><\/td>\n<td width=\"160\"><strong>Parent covering permission name<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"94\">DATABASE<\/td>\n<td width=\"129\"><strong>CREATE EXTERNAL MODEL<\/strong><\/td>\n<td width=\"129\">ALTER ANY EXTERNAL MODEL<\/td>\n<td width=\"92\">SERVER<\/td>\n<td width=\"160\">CONTROL SERVER<\/td>\n<\/tr>\n<tr>\n<td width=\"94\">DATABASE<\/td>\n<td width=\"129\"><strong>ALTER ANY EXTERNAL MODEL<\/strong><\/td>\n<td width=\"129\">CONTROL<\/td>\n<td width=\"92\">SERVER<\/td>\n<td width=\"160\">CONTROL SERVER<\/td>\n<\/tr>\n<tr>\n<td width=\"94\">DATABASE<\/td>\n<td width=\"129\"><strong>ALTER ANY EXTERNAL MIRROR<\/strong><\/td>\n<td width=\"129\">CONTROL<\/td>\n<td width=\"92\">SERVER<\/td>\n<td width=\"160\">CONTROL SERVER<\/td>\n<\/tr>\n<tr>\n<td width=\"94\">DATABASE<\/td>\n<td width=\"129\"><strong>ALTER ANY INFORMATION PROTECTION<\/strong><\/td>\n<td width=\"129\">CONTROL<\/td>\n<td width=\"92\">SERVER<\/td>\n<td width=\"160\">CONTROL SERVER<\/td>\n<\/tr>\n<tr>\n<td width=\"94\">EXTERNAL MODEL<\/td>\n<td width=\"129\"><strong>VIEW DEFINITION<\/strong><\/td>\n<td width=\"129\">CONTROL<\/td>\n<td width=\"92\">DATABASE<\/td>\n<td width=\"160\">VIEW PERFORMANCE DEFINITION<\/td>\n<\/tr>\n<tr>\n<td width=\"94\">EXTERNAL MODEL<\/td>\n<td width=\"129\"><strong>ALTER<\/strong><\/td>\n<td width=\"129\">CONTROL<\/td>\n<td width=\"92\">DATABASE<\/td>\n<td width=\"160\">ALTER ANY EXTERNAL MODEL<\/td>\n<\/tr>\n<tr>\n<td width=\"94\">EXTERNAL MODEL<\/td>\n<td width=\"129\"><strong>TAKE OWNERSHIP<\/strong><\/td>\n<td width=\"129\">CONTROL<\/td>\n<td width=\"92\">DATABASE<\/td>\n<td width=\"160\">CONTROL<\/td>\n<\/tr>\n<tr>\n<td width=\"94\">EXTERNAL MODEL<\/td>\n<td width=\"129\"><strong>EXECUTE<\/strong><\/td>\n<td width=\"129\">CONTROL<\/td>\n<td width=\"92\">DATABASE<\/td>\n<td width=\"160\">EXECUTE<\/td>\n<\/tr>\n<tr>\n<td width=\"94\">EXTERNAL MODEL<\/td>\n<td width=\"129\"><strong>CONTROL<\/strong><\/td>\n<td width=\"129\"><\/td>\n<td width=\"92\">DATABASE<\/td>\n<td width=\"160\">CONTROL<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>What\u2019s worth noting here is consistency:<\/p>\n<p>The distinction between reading metadata and modifying objects is applied cleanly.<\/p>\n<p>We see:<\/p>\n<ul>\n<li>VIEW DEFINITION \u2192 read metadata<\/li>\n<li>ALTER \u2192 modification<\/li>\n<li>CONTROL \u2192 full ownership<\/li>\n<\/ul>\n<p>This aligns with the model introduced in SQL Server 2022 and continues to support a structured approach to Principle of Least Privilege (PoLP).<\/p>\n<h3>Important New Behavior: EXECUTE Covers AI Models<\/h3>\n<p>One detail that can easily be overlooked:<\/p>\n<p>Anyone with EXECUTE permission at the database level can execute AI models (if they exist).<\/p>\n<p><strong>Those of you using a custom db_executor-role, keep that in mind.<\/strong><\/p>\n<p>If you grant:<\/p>\n<p>GRANT EXECUTE TO db_executor;<\/p>\n<p>You are now also granting access to external AI models. And there is no simple way to exclude those objects.<\/p>\n<blockquote><p><em>I really wish Microsoft would introduce object-type granularity. That would also help for view-based access.<\/em><\/p><\/blockquote>\n<p>There is at one small mitigating factor:<br \/>\nTo actually use the model, REFERENCE permission on the associated credential is also required.<\/p>\n<p>Did I say execute?<\/p>\n<p>Technically, to use external models in SQL Server 2025, you use SELECT with a function:<\/p>\n<p>SELECT AI_GENERATE_EMBEDDINGS(N&#8217;Test&#8217; USE MODEL MyAzureOpenAIModel);<\/p>\n<p>\u2026<\/p>\n<h2>Changes to Existing Permissions<\/h2>\n<p>There are a few minor adjustments to existing permissions:<\/p>\n<p>VIEW PERFORMANCE DEFINITION and VIEW SECURITY DEFINITION cover additional objects.<\/p>\n<p>For example: Availability Group metadata is now available with VIEW PERFORMANCE DEFINITION<\/p>\n<p>These are incremental improvements and only noticeable in specific scenarios.<\/p>\n<p><strong>One more change, that was implemented with <a href=\"https:\/\/learn.microsoft.com\/en-us\/troubleshoot\/sql\/releases\/sqlserver-2025\/cumulativeupdate1#4836615\" target=\"_blank\" rel=\"noopener\">SQL Server 2025 CU1<\/a><\/strong><\/p>\n<p>DBCC STACKDUMP now requires sysadmin-membership. Previously, ALTER SERVER STATE was sufficient.<\/p>\n<p>This change slightly reverses progress toward least-privilege operations.<\/p>\n<p>Instead of using targeted permissions such as:<\/p>\n<ul>\n<li>VIEW SERVER SECURITY STATE<\/li>\n<li>VIEW SERVER PERFORMANCE STATE<\/li>\n<li>Extended Events permission<\/li>\n<\/ul>\n<p>\u2026you need full sysadmin-membership for certain (admittedly rare) troubleshooting scenarios.<\/p>\n<p>As a result, the number of commands that require sysadmin, documented here: <a href=\"https:\/\/andreas-wolter.com\/en\/least-privilege-sysadmin-required-sql-server\/\">The challenges for least privilege: When sysadmin is still required in Microsoft SQL Server<\/a> \u2013 grows by one more item.<\/p>\n<p>The bigger issue IMHO is the boundary this removes:<\/p>\n<p>How so?<br \/>\n&#8211; Whoever initiates the stack dump will also need access to the file system to retrieve it.<br \/>\nIn theory, this could be handled via separation of duties (a separate person with File-System access).<br \/>\nIn practice, once someone is sysadmin, that same person can also enable xp_cmdshell, access the file directly, and move beyond SQL Server scope.<br \/>\nIn other words, what started as a troubleshooting task within SQL Server can easily extend into the operating system layer.<\/p>\n<p>That is why I would prefer a dedicated permission &#8211; something like:<\/p>\n<p>GRANT CREATE DUMP TO Login<\/p>\n<p>All in all, the changes are subtle. What matters, is how they play out in real environments. And that we shall see \ud83d\ude42<\/p>\n<p>Andreas<\/p>\n<p><strong>Links to concepts explained in this article:<\/strong><\/p>\n<p><a href=\"https:\/\/andreas-wolter.com\/en\/extended-events-tracing-sql-compliance-principle-of-least-privilege-role-separation\/\">Using Extended Events for Tracing SQL Server and Azure SQL DB in compliance with Principle of Least Privilege \u2013 Example role separation<\/a><\/p>\n<p><a href=\"https:\/\/techcommunity.microsoft.com\/blog\/sqlserver\/new-granular-permissions-for-sql-server-2022-and-azure-sql-to-improve-adherence-\/3607507\" target=\"_blank\" rel=\"noopener\">New granular permissions for SQL Server 2022 and Azure SQL to improve adherence with PoLP<\/a><\/p>\n<p><a href=\"Principle%20of%20Least%20Privilege%20(POLP)\">Principle of Least Privilege (POLP)<\/a><\/p>\n<\/div><\/section>\r\n\r\n<div  class='flex_column av-av_one_full-048119fdb636ea3d70edc0b975509c6c av_one_full  avia-builder-el-2  el_after_av_textblock  el_before_av_social_share  first flex_column_div  column-top-margin'     ><div  class='hr av-av_hr-23b3846cdd0fbd0e234720a594f6db24 hr-default  avia-builder-el-3  el_before_av_textblock  avia-builder-el-first '><span class='hr-inner '><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n<section  class='av_textblock_section av-av_textblock-564067357eb74c20cdd60b282c9b50bd '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>Need to secure your own SQL Server environment against these vulnerabilities? Andreas Wolter and the team at Sarpedon Quality Lab offer proprietary, deep-tier security assessments<\/p>\n<\/div><\/section>\n<div  class='avia-button-wrap av-av_button-c6c9e09391f77f3d6785f30b137ea0c9-wrap avia-button-center  avia-builder-el-5  el_after_av_textblock  el_before_av_hr '>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_button-c6c9e09391f77f3d6785f30b137ea0c9\">\n#top #wrap_all .avia-button.av-av_button-c6c9e09391f77f3d6785f30b137ea0c9{\nfont-size:14px;\nbackground-color:#75a823;\nborder-color:#75a823;\ncolor:#ffffff;\nbox-shadow: 0 0 5px 5px ;\ntransition:all 0.4s ease-in-out;\n}\n<\/style>\n<a href=\"https:\/\/sarpedonqualitylab.us\/sql-server-security-assessment\/\" class=\"avia-button av-av_button-c6c9e09391f77f3d6785f30b137ea0c9 avia-icon_select-yes-left-icon avia-size-medium avia-position-center\" target=\"_blank\" rel=\"noopener\"><span class='avia_button_icon avia_button_icon_left' aria-hidden='true' data-av_icon='\ue832' data-av_iconfont='entypo-fontello'><\/span><span class='avia_iconbox_title' >Explore Sarpedon Quality Lab Assessments<\/span><\/a><\/div>\n<div  class='hr av-av_hr-23b3846cdd0fbd0e234720a594f6db24 hr-default  avia-builder-el-6  el_after_av_button  avia-builder-el-last '><span class='hr-inner '><span class=\"hr-inner-style\"><\/span><\/span><\/div><\/div>\r\n\r\n<div  class='av-social-sharing-box av-5n5vpa-78ffdd9d224b4a246af65bdc00dce900 av-social-sharing-box-default  avia-builder-el-7  el_after_av_one_full  el_before_av_hr  av-social-sharing-box-fullwidth'><div class=\"av-share-box\"><h5 class='av-share-link-description av-no-toc '>Share article<\/h5><ul class=\"av-share-box-list noLightbox\"><li class='av-share-link av-social-link-facebook' ><a target=\"_blank\" aria-label=\"Share on Facebook\" href=\"https:\/\/www.facebook.com\/sharer.php?u=https:\/\/andreas-wolter.com\/en\/2603_sqlserver2025_newpermissions\/&#038;t=New%20Permissions%20in%20SQL%20Server%202025\" aria-hidden=\"false\" data-av_icon=\"\ue8f3\" data-av_iconfont=\"entypo-fontello\" title=\"\" data-avia-related-tooltip=\"Share on Facebook\" rel=\"noopener\"><span class='avia_hidden_link_text'>Share on Facebook<\/span><\/a><\/li><li class='av-share-link av-social-link-twitter' ><a target=\"_blank\" aria-label=\"Share on Twitter\" href=\"https:\/\/twitter.com\/share?text=New%20Permissions%20in%20SQL%20Server%202025&#038;url=https:\/\/andreas-wolter.com\/en\/?p=7203\" aria-hidden=\"false\" data-av_icon=\"\ue8f1\" data-av_iconfont=\"entypo-fontello\" title=\"\" data-avia-related-tooltip=\"Share on Twitter\" rel=\"noopener\"><span class='avia_hidden_link_text'>Share on Twitter<\/span><\/a><\/li><li class='av-share-link av-social-link-linkedin' ><a target=\"_blank\" aria-label=\"Share on LinkedIn\" href=\"https:\/\/linkedin.com\/shareArticle?mini=true&#038;title=New%20Permissions%20in%20SQL%20Server%202025&#038;url=https:\/\/andreas-wolter.com\/en\/2603_sqlserver2025_newpermissions\/\" aria-hidden=\"false\" data-av_icon=\"\ue8fc\" data-av_iconfont=\"entypo-fontello\" title=\"\" data-avia-related-tooltip=\"Share on LinkedIn\" rel=\"noopener\"><span class='avia_hidden_link_text'>Share on LinkedIn<\/span><\/a><\/li><\/ul><\/div><\/div>\r\n\r\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-4ofg9q-c2108540b480aba02923089240a3a176\">\n#top .hr.hr-invisible.av-4ofg9q-c2108540b480aba02923089240a3a176{\nheight:50px;\n}\n<\/style>\n<div  class='hr av-4ofg9q-c2108540b480aba02923089240a3a176 hr-invisible  avia-builder-el-8  el_after_av_social_share  el_before_av_comments_list '><span class='hr-inner '><span class=\"hr-inner-style\"><\/span><\/span><\/div>\r\n\r\n<div  class='av-buildercomment av-284ftq-f5a1564cd6b8ffad6ce835e2d40de4b7  av-blog-meta-author-disabled av-blog-meta-html-info-disabled'><\/div>","protected":false},"excerpt":{"rendered":"","protected":false},"author":4,"featured_media":7204,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[57,383],"tags":[206,258],"class_list":["post-7203","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-en","category-sql-server-2025","tag-sql-security","tag-sysadmin-en"],"_links":{"self":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts\/7203","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/comments?post=7203"}],"version-history":[{"count":7,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts\/7203\/revisions"}],"predecessor-version":[{"id":7436,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts\/7203\/revisions\/7436"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/media\/7204"}],"wp:attachment":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/media?parent=7203"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/categories?post=7203"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/tags?post=7203"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}