Skip to content

credentials-database-engine.md

Latest commit

 

History

History
48 lines (37 loc) · 3.65 KB

credentials-database-engine.md

File metadata and controls

48 lines (37 loc) · 3.65 KB
title Credentials (Database Engine)
description Learn about credentials in SQL Server. Get acquainted with the authentication information required to connect to a resource outside SQL Server.
author VanMSFT
ms.author vanto
ms.date 06/27/2019
ms.service sql
ms.subservice security
ms.topic concept-article
ms.custom
ignite-2025
helpviewer_keywords
principals [SQL Server], credentials
schemas [SQL Server], credentials
permissions [SQL Server], credentials
groups [SQL Server], credentials
ALTER ANY CREDENTIAL permission
security [SQL Server], credentials
authentication [SQL Server], credentials
users [SQL Server], credentials
credentials [SQL Server], about credentials
credentials [SQL Server]
monikerRange >=aps-pdw-2016 || =azuresqldb-current || =azure-sqldw-latest || >=sql-server-2016 || >=sql-server-linux-2017 || =azuresqldb-mi-current || =fabric-sqldb

Credentials (Database Engine)

[!INCLUDE SQL Server Azure SQL Database Azure SQL Managed Instance Azure Synapse Analytics PDW FabricSQLDB]

A credential is a record that contains the authentication information (credentials) required to connect to a resource outside [!INCLUDEssNoVersion]. This information is used internally by [!INCLUDEssNoVersion]. Most credentials contain a Windows user name and password.

The information stored in a credential enables a user who has connected to [!INCLUDEssNoVersion] by way of [!INCLUDEssNoVersion] Authentication to access resources outside the server instance. When the external resource is Windows, the user is authenticated as the Windows user specified in the credential. A single credential can only be mapped to a single [!INCLUDEssNoVersion] login. And a [!INCLUDEssNoVersion] login can be mapped to only one credential.

For credentials that are stored in the master database and can be used throughout the instance of [!INCLUDEssNoVersion], see CREATE CREDENTIAL (Transact-SQL). For credentials used by a specific database, and portable with that database, see CREATE DATABASE SCOPED CREDENTIAL (Transact-SQL).

System credentials are created automatically and are associated with specific endpoints. Names for system credentials start with two hash signs (##).

For more information about credentials, see the sys.credentials and sys.database_scoped_credentials catalog views.

In Fabric SQL database, Microsoft Entra ID for database users is the only supported authentication method. Only database-scoped credentials are supported.

Related Content

Create a Credential
CREATE CREDENTIAL (Transact-SQL)
CREATE DATABASE SCOPED CREDENTIAL (Transact-SQL)
Securing SQL Server