Database Mail Configuration Objects
Database Mail provides two types of configuration objects:
- Database Mail profiles are sets of accounts.
- Database Mail accounts contain information for e-mail servers.
Database Mail includes configuration stored procedures in the msdb database. You can write Transact-SQL scripts to use these procedures directly.
Applications that send e-mail using Database Mail specify profiles, instead of using accounts directly. Separating information about the individual e-mail servers from the objects that the application uses improves flexibility and reliability: profiles provide automatic failover, so that if one e-mail server is unresponsive, Database Mail can automatically send mail to another e-mail server. Database administrators can add, remove, or reconfigure accounts without requiring changes to application code or job steps.
For improved security, Database Mail manages access to mail profiles. A profile may be public or private. Public profiles are available for all members of the DatabaseMailUserRole database role in the msdb database. They allow all members of the DatabaseMailUserRole role to send e-mail using the profile. Private profiles are defined for security principals in the msdb database. They allow only specified database users, roles, and members of the sysadmin fixed server role to send e-mail using the profile. By default, a profile is private, and allows access only to members of the sysadmin fixed server role. To use a private profile, sysadmin must grant users permission to use the profile. Additionally, EXECUTE permission on the sp_send_dbmail stored procedure is only granted to members of the DatabaseMailUserRole. A system administrator must add the user to the DatabaseMailUserRole database role for the user to send e-mail messages.
The following illustration shows the relationship between accounts, profiles, and users. Notice that a user may have permission to use more than one profile, but only one profile can be defined as the default profile. Each profile can use more than account. An account may be used by more than one profile.
The illustration shows two profiles, three accounts, and three users. User 1 has access to Profile 1, which uses Account 1 and Account 2. User 3 has access to Profile 2, which uses Account 2 and Account 3. User 2 has access to both Profile 1 and Profile 2.