Creating a user named guest in a database enables any user with a login ID for SQL Server to access the database as a guest user. If a user attempts to access the database but does not have a username (his or her username is not found in the database's sysusers table), SQL Server looks for a user named guest. If there is one, the user is allowed to use the database, under the permissions assigned to guest.
When the guest username is first added to a database, the username inherits the privileges of the public group. The database owner and the owners of database objects can change these permissions, to make the privileges of guest either more or less restrictive than those of public.
If you are using integrated security and have not created individual login IDs for users, you can provide a database username for the default login ID, or you can add the guest user. In both cases, be aware that any user of integrated security can access the database and acquires the permissions you assign to the default login ID or to the guest user. (This is also true for connections from a client configured to force trusted connections. For information, see Client-Requested Trusted Connections, earlier in this chapter.)
In databases, the database owner is responsible for setting up a guest user. A guest user in a database allows the database owner to extend database use to all SQL Server users without explicitly naming each one.
When SQL Server is installed, the master, tempdb, msdb, and pubs databases contain the guest user. The model database, and user databases that are later created, do not. Each database owner can add, if appropriate, a guest user to any user database, thus extending database access to all SQL Server users, without explicitly naming each one.
The guest user in the master database means that any user with a login ID for SQL Server (or, with integrated security, any user granted user-level privilege to access SQL Server) can successfully connect to SQL Server by logging in with his or her own name. If the username is not found (in master..sysusers), the user is recognized as guest and inherits whatever permissions the public group has been granted.