MANAGING SQL ROLES AND PERMISSIONS

Server-level roles

There are database-level roles and server-level roles. Server-level roles lets you manage the permissions on a server. The following are fixed server-level roles:sysadmin, serveradmin, securityadmin, processadmin, bulkadmin diskadmin, dbcreator, and public. Every SQL server login belongs to the public server role. There are no server-level permissions inherent in the public server role. VIEW ANY DATABASE, and CONNECT permissions are default server permissions for the public server role (however, these can be revoked).

Server-level roles:
https://docs.microsoft.com/en-us/sql/relational-databases/security/authentication-access/server-level-roles?view=sql-server-2017

Database-level roles

Under “User Mappings”, you have a list of all the databases on the server. You also have “Database role membership”, which is where you can specify the database-level roles. The database level roles are: db_owner, db_securityadmin, db_accessadmin, db_backupoperator, db_ddladmin, db_datawriter, db_denydatareader, db_denydatawriter, and db_denydatareader.

db_datareader can read all the data from all user tables and views.