SQL Server security is a broad subject area, with enough potential avenues of exploration that entire books have been written on the topic. This chapter's goal is not to cover the whole spectrum of security knowledge necessary to create a product that is secure from end to end, but rather to focus on those areas that are most important during the software design and development process.
Broadly speaking, data security can be broken into two areas:
Authentication: The act of verifying the identity of a user of a system
Authorization: The act of giving a user access to the resources that a system controls
These two realms can be delegated separately in many cases; so long as the authentication piece works properly, ...