This article describes how to grant permissions to the desired principal on specific SQL servers (database engines). You can also revoke permissions from the desired principals and drop logins from SQL Servers.

Grant server permissions

1. Navigate to Security Management and click on the Security Wizard in the Manage ribbon.
2. Select Grant server permissions and Next to continue.
3. The Server step allows you to specify the target database engines for which the changes will be made. Select the SQL Server database engines for which you want to grant server permissions and click OK. Click Next to continue.
4. The Logins and Roles step allows you to select the principals who will be granted permissions and the server roles you wish to grant for those principals. If a login does not exist on any of the selected servers, it will be created. Click Next to continue.
5. In the Options step, you can choose either to grant permissions immediately after finishing the wizard using the Run now option or to grant and/or revoke permissions automatically on the required date and time. If you choose the Run on Schedule option, the SQL Estate Manager Service will perform the selected actions at the specified time. To delay the Grant server permissions action, select the Grant Permissions On checkbox, and then click the required date and time. You can also specify the time to revoke automatically previously granted server permissions and drop created logins by selecting the Revoke Permissions On checkbox, and then clicking the required date and time.If you choose to revoke permissions only, the permissions will be granted immediately after finishing the wizard, and revoked at the specified time. After you finish the wizard, all scheduled actions will be visible with the Pending status in the Scheduled Actions form. If you decide later that you do not want to execute any of the pending actions, you can cancel and delete them using the Delete link in the Scheduled Actions form.
6. If you have configured the automatic permissions management, you can specify the email address that will receive an email notification of the actions performed in the Send Result To step.
7. In the Preview step, make sure that the pending changes will do exactly what you want and have specified in the previous steps of this wizard.
8. The last step shows the changes that were made. If there are errors, they will be displayed here. It is possible to save this log to disk as a .txt file using the Save Log button.

Revoke server permissions

1. Navigate to the Security Management and click on the Security Wizard in the Manage ribbon.
2. Select Revoke server permissions and Next to continue.
3. The Server step allows you to specify the target database engines for which the changes will be made. Select the SQL Server database engines for which you want to revoke server permissions and click OK. Click Next to continue.
4. The Logins and Roles step allows you select the principals from which permissions will be revoked and the server roles you wish to revoke from those principals. Click Next to continue.
5. In the Options step, you can choose either to revoke permissions immediately after finishing the wizard using the Run now option or to revoke permissions automatically on the required date and time. If you choose the Run on Schedule option, the SQL Estate Manager Service will perform the selected actions at the specified time. To delay the Revoke server permissions action, select the Revoke Permissions On checkbox, and then click the required date and time. After you finish the wizard, all scheduled actions will be visible with the Pending status in the Scheduled Actions form. If you decide later that you do not want to execute any of the Scheduled actions, you can cancel them using the Delete link in the Scheduled Actions form.
6. If you have configured the automatic permissions management, you can specify the email address that will receive an email notification of the actions performed in the Send Result To step.
7. In the Preview step, make sure that the pending changes will do exactly what you want and have specified in the previous steps of this wizard.
8. The last step shows the changes that were made. If there are errors, they will be displayed here. It is possible to save this log to disk as a .txt file using the Save Log button.

Drop logins

1. Navigate to Security Management and click on the Security Wizard in the Manage ribbon.
2. Select Drop logins and Next to continue.
3. The Server step allows you to specify the target database engines for which the changes will be made. Select the SQL Server database engines from which you want to drop logins and click OK. Click Next to continue.
4. The Logins and Roles step allows you to select the principals from which permissions logins will be dropped and server roles you wish to revoke from those principals. Click Next to continue.
5. n the Options step, you can choose either to revoke permissions immediately after finishing the wizard using the Run now option or to revoke permissions automatically on the required date and time. If you choose the Run on Schedule option, the SQL Estate Manager Service will perform the selected actions at the specified time. To delay the Drop logins action, select the Drop Logins On checkbox, and then click the required date and time. After you finish the wizard, all scheduled actions will be visible with the Pending status in the Scheduled Actions form. If you decide later that you do not want to execute any of the scheduled actions, you can cancel them using the Delete link in the Scheduled Actions form.
6. If you have configured the automatic permissions management, you can specify the email address that will receive an email notification of the actions performed in the Send Result To step.
7. In the Preview step, make sure that the pending changes will do exactly what you want and have specified in the previous steps of this wizard.
8. The last step shows the changes that were made. If there are errors, they will be displayed here. It is possible to save this log to disk as a .txt file using the Save Log button.