Michel,

You don't say which version of SQL Server you are using.

Assuming SQLServer2000: Yes, you create a login at the server level, and then you can assign the databases that user can access. You can test this by using something like query analyzer to connect to the server with a specific login and when you attempt to USE a database the user doesn't have access to it won't be allowed. Graphically you can see this via the Object Browser you won't see the other databases. Within the database you can assign the user to a "role" which can have specific access granted or denied to each object (table, view, SP, function) within the database. The same access can be administered at the user level, but roles are better.

Master, msdb and tempdb are special case databases.

dbo is the owner. sys may be the sysadmin user. if you remove guest you end up causing some significant problems, you can assign it a very restrictive role. I can't recall specific problems it causes, check the BOL and and google it

>I have found that we need to add every new user at the SQL Server main security pane. Then, at the database level, we need to select from the list of users. I am just wondering now what kind of protection there is in place to assure that only this user will have access to the database. I see that dbo, guest, INFORMATION_SCHEMA and sys have also access. Should I remove guest to make sure that only the new user I added is allowed access to the database?