Both methods you list are incorrect.
To start with, it is always incorrect to check for db_owner membership. The correct check is for CONTROL permission on the database, and the appropriate function to use is HAS_PERMS_BY_NAME(). This will save you from the embarrassment of your application refusing to work with a user that has sufficient privileges (CONTROL) because the application uses an incorrect check (role/group membership). This is actually explicitly called out on MSDN:
If the user has the CONTROL DATABASE permission but is not a member of db_owner role, ... will correctly report that the user is not a member of the db_owner role, even though the user has the same permissions.
Finally, if you really need to know role/group membership, the appropriate function is IS_MEMBER().
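The case described above, where a permission check and a role-membership check disagree, as an added T-SQL example that is not part of the original answer. The user name demo_control_user is hypothetical, and the script assumes it is run in a scratch database by a principal allowed to create users and grant CONTROL.

```sql
-- Added example: compare a permission check with a role-membership check.
-- demo_control_user is a hypothetical name; run this in a scratch database.

-- A database user with no login, used only for impersonation in this demo.
CREATE USER demo_control_user WITHOUT LOGIN;

-- Grant CONTROL on the current database without adding the user to db_owner.
GRANT CONTROL TO demo_control_user;

-- Evaluate both checks as that user.
EXECUTE AS USER = 'demo_control_user';

SELECT
    USER_NAME()                                         AS evaluated_as,
    -- Effective permission check: does the caller hold CONTROL on this database?
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'CONTROL') AS has_control,
    -- Role membership check: is the caller a member of the db_owner role?
    IS_MEMBER('db_owner')                               AS is_db_owner_member;

-- How an application gate would look when written against the permission
-- rather than the role.
IF HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'CONTROL') = 1
    PRINT 'Caller holds CONTROL on the database: proceed.';
ELSE
    PRINT 'Caller lacks CONTROL on the database: refuse.';

-- Return to the original security context and clean up.
REVERT;
DROP USER demo_control_user;
```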