In the Microsoft Docs page on Principals they are defined as entities that can request SQL Server resources. Examples are LOGIN (requesting access to the server itself), USER (requesting access to database objects), Server Roles (a collection of login principals that can share server-level access rules), and Database Roles (a collection of user principals that can share database-level access rules).

In the Microsoft Docs page on Securables they are defined as resources to which the database engine regulates access to. The examples I understand are the Schema scoped securables such as tables, functions, procedures, and views. What I am currently having trouble understanding are how exactly LOGIN, USER, Server roles, Database Roles, and even Schemas are also listed as securables. I'll give it my best go below based on what I'm assuming, but if anyone could clarify I would greatly appreciate it.

I think that LOGIN can technically qualify as a Securable because the database engine is restricting access to a LOGIN on the premise of valid credentials being passed to the server to actually login. Regarding the rest, I suppose they could technically qualify as a Securable because the only way someone has access to the rights of a user, server role, database role, or access to schema objects, are those principals that are assigned membership to those entities by a database administrator. Is this right? It's just not explained how they qualify as securables in the documentation and I suppose the idea that some principals are also securables, but not all securables are also principals can be a little confusing without a more clear statement of such a rule and example.

Thank you for any help you can provide!