List server-level permissions
Permissions that can be added (granted) or taken away (revoked) from user-defined server roles can be queried like so:
select permission_name from sys.fn_builtin_permissions('server') order by permission_name;
On
SQL Server 2017, the query returns
- ADMINISTER BULK OPERATIONS
- ALTER ANY AVAILABILITY GROUP
- ALTER ANY CONNECTION
- ALTER ANY CREDENTIAL
- ALTER ANY DATABASE
- ALTER ANY ENDPOINT
- ALTER ANY EVENT NOTIFICATION
- ALTER ANY EVENT SESSION
- ALTER ANY LINKED SERVER
- ALTER ANY LOGIN
- ALTER ANY SERVER AUDIT
- ALTER ANY SERVER ROLE
- ALTER RESOURCES
- ALTER SERVER STATE
- ALTER SETTINGS
- ALTER TRACE
- AUTHENTICATE SERVER
- CONNECT ANY DATABASE
- CONNECT SQL
- CONTROL SERVER
- CREATE ANY DATABASE
- CREATE AVAILABILITY GROUP
- CREATE DDL EVENT NOTIFICATION
- CREATE ENDPOINT
- CREATE SERVER ROLE
- CREATE TRACE EVENT NOTIFICATION
- EXTERNAL ACCESS ASSEMBLY
- IMPERSONATE ANY LOGIN
- SELECT ALL USER SECURABLES
- SHUTDOWN
- UNSAFE ASSEMBLY
- VIEW ANY DATABASE
- VIEW ANY DEFINITION
- VIEW SERVER STATE