Re: System Administrator Implied Permissions

From: Jose Molina (jmolina4@cox.net)
Date: 03/30/03

  • Next message: Dan Guzman: "Re: System Administrator Implied Permissions" 
    From: "Jose Molina" <jmolina4@cox.net>
Date: Sun, 30 Mar 2003 11:09:56 -0800

    Hi Dan,
    I am aware of this but I still need a little more
    clarification. As an example: Does the db_owner fixed
    database role need to be assigned to any sysadmin role?
    I was under the impression that this role was implied.

    Please advise.

    Thanks!

    -Jose
    >-----Original Message-----
    >> SQL Server initially creates the 'sa' user. Isn't the
    >> db_owner an implied permission for the fixed server
    role
    >> System Administrator anyway? If this is the case, why
    >> the redundancy?
    >
    >Members of the sysadmin role are automatically mapped to
    the 'dbo' user
    >in all databases. This is somewhat different that being
    a db_owner
    >fixed database role member because the 'dbo' user can
    also perform
    >functions on the owned database outside the database
    context, such as
    >DROP DATABASE.
    >
    >--
    >Hope this helps.
    >
    >Dan Guzman
    >SQL Server MVP
    >
    >-----------------------
    >SQL FAQ links (courtesy Neil Pike):
    >
    >http://www.ntfaq.com/Articles/Index.cfm?DepartmentID=800
    >http://www.sqlserverfaq.com
    >http://www.mssqlserver.com/faq
    >-----------------------
    >
    >"Jose Molina" <jmolina4@cox.net> wrote in message
    >news:002601c2f68b$0fce98c0$3401280a@phx.gbl...
    >> Hello,
    >> I had a question concerning the database permissions
    SQL
    >> Server checks for the 'sa' role. The db_owner fixed
    >> database role is checked for each of the databases when
    >> SQL Server initially creates the 'sa' user. Isn't the
    >> db_owner an implied permission for the fixed server
    role
    >> System Administrator anyway? If this is the case, why
    >> the redundancy?
    >>
    >> Thanks!
    >>
    >> -Jose
    >
    >
    >.
    >

  • Next message: Dan Guzman: "Re: System Administrator Implied Permissions"

    Relevant Pages

    • Re: database owner
      ... Thanks for all your help Dan, ... it can access the SQL Server as a sysadmin role member by default. ... And I don't have to make an own login for the backupexec account on the database, as long as it is a member of the dedicated admins group I made on the database that are a part of the system administrator role? ... I do not have a dedicated login for this user on the server, but this account is member of a administrators group in the sql server and this group is dedicated at dbo on all databases and belongs to the sysadmin servers role. ...
      (microsoft.public.sqlserver.security)
    • Re: Confused about dbo
      ... Jasper Smith (SQL Server MVP) ... > database within a SQL Server instance. ... > There are several ways you could have the username dbo. ... > the true owner of the database. ...
      (microsoft.public.sqlserver.security)
    • Re: moving data in a database to another file on a SAN
      ... Moving SQL Server Databases ... > Issues When a Database Is Moved Between SQL Servers ... > "Dan D." ...
      (microsoft.public.sqlserver.server)
    • Re: Change dbo
      ... I have a database where a user is defined as the dbo on a database. ... I tried using SQL Server Manger ... The login for this person maps to dbo. ...
      (microsoft.public.sqlserver.security)
    • Re: System Administrator Implied Permissions
      ... mapped to the 'dbo' user are members of the public and db_owner roles. ... Permissions are not checked for sysadmin role members so all other role ... > database role need to be assigned to any sysadmin role? ... >>> SQL Server initially creates the 'sa' user. ...
      (microsoft.public.sqlserver.security)