Re: sql admin rights question
From: Joseph MCAD (anonymous_at_microsoft.discussions.com)
Date: Mon, 11 Apr 2005 18:26:39 -0700
April 11, 2005
You need to be able to Deny the admin, however, and therefore should Not
be a sysadmin. You should stick with DB_Admin. HTH :-)
"Sue Hoegemeier" <Sue_H@nomail.please> wrote in message
> If they need admin rights to the entire server then they
> need to be a member of the sysadmin role. Any Deny does not
> apply to a sysadmin. Permissions are cumulative with deny
> taking precedence but a sysadmin bypasses all of this.
> On Mon, 11 Apr 2005 18:09:35 -0400, "Keith G Hicks"
> <email@example.com> wrote:
>>Yes. This is very helpful. I just found "Denying Permissions" in B.O.L.
>>"Joseph MCAD" <firstname.lastname@example.org> wrote in message
>>April 11, 2005
>> Yes. You can grant the user the DB_Admin (hopefully that is the
>>admin role) role and then goto the specific database and then put a Deny
>>in for the user. This will grant the user overall admin rights, but since
>>Deny ACEs have precedence over allows, the user will not be able to access
>>your database. I hope this helps! :-)
>> Joseph MCAD