Security Rules
Microsoft® SQL Server™ logins, users, roles, and passwords can contain from 1 through 128 characters, including letters, symbols, and digits, (for example Andrew-Fuller, Margaret Peacock, or 139abc). Therefore, Microsoft Windows NT® 4.0, Microsoft Windows® 2000, or Microsoft Windows 98 user names can be used as SQL Server logins.
However, because logins, user names, roles, and passwords are often used in Transact-SQL statements, certain symbols must be delimited with double quotation marks ("), or square brackets ([ ]). Use delimiters in Transact-SQL statements when the SQL Server login, user, role, or password:
- Contains, or begins with, a space character.
- Begins with the $ or @ character.
Note It is not necessary to specify delimiters when entering logins, users, roles, and passwords into the text boxes of the SQL Server graphical client tools, such as SQL Server Enterprise Manager.
Additionally, a SQL Server login, user, or role cannot:
- Contain a backslash (\) character, unless referring to an existing Windows NT 4.0 or Windows 2000 user or group. The backslash separates the Windows NT 4.0 or Windows 2000 computer or domain name from the user name.
- Already exist in the current database (or master, for logins only).
- Be NULL, or an empty string ("").