The SQL Server Database Engine manages the security hierarchy with a collection of entities known as securables. These entities can be secured with permissions within the database engine.
The most prominent securables are servers and databases, but discrete permissions can be set at a much finer level. SQL Server regulates the actions of principals on securables by verifying that they have been granted appropriate permissions.
The following illustration shows the relationships among the Database Engine permissions hierarchies.
For a poster sized chart of all Database Engine permissions in pdf format.