MSSQL Server-Level Roles

sysadmin

Has all permissions in the server. It can do everything that any other server-level role can do.

Check

To see who has been granted 'sysadmin'...

SELECT sp.name,

       sp.is_disabled

  FROM sys.server_role_members rm,

       sys.server_principals sp

 WHERE rm.role_principal_id = SUSER_ID('Sysadmin')

   AND rm.member_principal_id = sp.principal_id

Sometimes it's useful just to have a count of the number of users with sysadmin...

SELECT COUNT(*)

  FROM sys.server_role_members rm,

       sys.server_principals sp

 WHERE rm.role_principal_id = SUSER_ID('Sysadmin')

   AND rm.member_principal_id = sp.principal_id

NT AUTHORITY\SYSTEM

In earlier versions of SQL Server, NT AUTHORITY\SYSTEM was granted the sysadmin role. This is no longer recommended as it is considered a shared account.

https://www.stigviewer.com/stig/ms_sql_server_2016_instance/2018-03-09/finding/V-79129

serveradmin

Start or Stop the server

securityadmin

Has the ALTER ANY LOGIN privilege. Therefore a Login with this Role is capable of granting any other Role or Privilege (except SYSADMIN) to any other User or Role, including itself.

processadmin

Can Kill processes

setupadmin

Create a Linked Server.

(But, just because you can doesn't mean you should).

bulkadmin

Allows you to bulk load records into a database.

diskadmin

Newer backup technologies have made this pretty much redundant.

dbcreator

Can create a new database.

public

Can connect.

Bibliography