Re: sql admin rights question

From: Sue Hoegemeier (Sue_H_at_nomail.please)
Date: 04/12/05


Date: Mon, 11 Apr 2005 18:51:09 -0600

If they need admin rights to the entire server then they
need to be a member of the sysadmin role. Any Deny does not
apply to a sysadmin. Permissions are cumulative with deny
taking precedence but a sysadmin bypasses all of this.

-Sue

On Mon, 11 Apr 2005 18:09:35 -0400, "Keith G Hicks"
<krh@comcast.net> wrote:

>Yes. This is very helpful. I just found "Denying Permissions" in B.O.L.
>Thank you.
>
>Keith
>
>"Joseph MCAD" <anonymous@microsoft.discussions.com> wrote in message
>news:e4KjIztPFHA.3704@TK2MSFTNGP12.phx.gbl...
>April 11, 2005
>
> Yes. You can grant the user the DB_Admin (hopefully that is the correct
>admin role) role and then goto the specific database and then put a Deny ACE
>in for the user. This will grant the user overall admin rights, but since
>Deny ACEs have precedence over allows, the user will not be able to access
>your database. I hope this helps! :-)
>
> Joseph MCAD
>
>
>
>