MSSQL Server-Level Roles
sysadmin
Has all permissions in the server. It can do everything that any other server-level role can do.
Check
To see who has been granted 'sysadmin'...
SELECT sp.name,
sp.is_disabled
FROM sys.server_role_members rm,
sys.server_principals sp
WHERE rm.role_principal_id = SUSER_ID('Sysadmin')
AND rm.member_principal_id = sp.principal_id
Sometimes it's useful just to have a count of the number of users with sysadmin...
SELECT COUNT(*)
FROM sys.server_role_members rm,
sys.server_principals sp
WHERE rm.role_principal_id = SUSER_ID('Sysadmin')
AND rm.member_principal_id = sp.principal_id
NT AUTHORITY\SYSTEM
In earlier versions of SQL Server, NT AUTHORITY\SYSTEM was granted the sysadmin role. This is no longer recommended as it is considered a shared account.
https://www.stigviewer.com/stig/ms_sql_server_2016_instance/2018-03-09/finding/V-79129serveradmin
Start or Stop the server
securityadmin
Has the ALTER ANY LOGIN privilege. Therefore a Login with this Role is capable of granting any other Role or Privilege (except SYSADMIN) to any other User or Role, including itself.
processadmin
Can Kill processes
setupadmin
Create a Linked Server.
(But, just because you can doesn't mean you should).bulkadmin
Allows you to bulk load records into a database.
diskadmin
Newer backup technologies have made this pretty much redundant.
dbcreator
Can create a new database.
public
Can connect.