Re: System Administrator Implied Permissions

From: Dan Guzman (danguzman@nospam-earthlink.net)
Date: 03/30/03 

From: "Dan Guzman" <danguzman@nospam-earthlink.net>
Date: Sun, 30 Mar 2003 14:56:36 -0600

Jose, I think I understand your question better now. When you view
login security in Enterprise Manager, the GUI will show that logins
mapped to the 'dbo' user are members of the public and db_owner roles.
This means that the 'dbo' user is a member of the db_owner role and
'dbo' (like all users) is a member of the public role.

Permissions are not checked for sysadmin role members so all other role
memberships and permissions are irrelevant 

-- 
Hope this helps.
Dan Guzman
SQL Server MVP
"Jose Molina" <jmolina4@cox.net> wrote in message
news:007b01c2f6ef$f3b5f4c0$a201280a@phx.gbl...
> Hi Dan,
> I am aware of this but I still need a little more
> clarification.  As an example: Does the db_owner fixed
> database role need to be assigned to any sysadmin role?
> I was under the impression that this role was implied.
>
> Please advise.
>
> Thanks!
>
> -Jose
> >-----Original Message-----
> >> SQL Server initially creates the 'sa' user. Isn't the
> >> db_owner an implied permission for the fixed server
> role
> >> System Administrator anyway?  If this is the case, why
> >> the redundancy?
> >
> >Members of the sysadmin role are automatically mapped to
> the 'dbo' user
> >in all databases.  This is somewhat different that being
> a db_owner
> >fixed database role member because the 'dbo' user can
> also perform
> >functions on the owned database outside the database
> context, such as
> >DROP DATABASE.
> >
> >-- 
> >Hope this helps.
> >
> >Dan Guzman
> >SQL Server MVP
> >
> >-----------------------
> >SQL FAQ links (courtesy  Neil Pike):
> >
> >http://www.ntfaq.com/Articles/Index.cfm?DepartmentID=800
> >http://www.sqlserverfaq.com
> >http://www.mssqlserver.com/faq
> >-----------------------
> >
> >"Jose Molina" <jmolina4@cox.net> wrote in message
> >news:002601c2f68b$0fce98c0$3401280a@phx.gbl...
> >> Hello,
> >> I had a question concerning the database permissions
> SQL
> >> Server checks for the 'sa' role.  The db_owner fixed
> >> database role is checked for each of the databases when
> >> SQL Server initially creates the 'sa' user. Isn't the
> >> db_owner an implied permission for the fixed server
> role
> >> System Administrator anyway?  If this is the case, why
> >> the redundancy?
> >>
> >> Thanks!
> >>
> >> -Jose
> >
> >
> >.
> >

Relevant Pages

  • Re: System Administrator Implied Permissions
    ... > sa login, it assigns it the System Administrator fixed ... > Now, given this, why does SQL Server ... in each database is always a member of the public and db_owner roles. ... Other sysadmin role members have the exact same ...
    (microsoft.public.sqlserver.security)
  • Re: Confused about dbo
    ... Jasper Smith (SQL Server MVP) ... > database within a SQL Server instance. ... > There are several ways you could have the username dbo. ... > the true owner of the database. ...
    (microsoft.public.sqlserver.security)
  • Re: Change dbo
    ... I have a database where a user is defined as the dbo on a database. ... I tried using SQL Server Manger ... The login for this person maps to dbo. ...
    (microsoft.public.sqlserver.security)
  • Re: Delegate Power of God to only 1 database - How?
    ... Guess I'll have to look more closely at the permissions ... >I support the Professional Association for SQL Server ... >> permissions to only that database which can be assigned ... >>>Exactly what is this 'dBO' role you are referring to? ...
    (microsoft.public.sqlserver.security)
  • Re: Change dbo
    ... I have a database where a user is defined as the dbo on a database. ... I tried using SQL Server Manger ... The login for this person maps to dbo. ...
    (microsoft.public.sqlserver.security)