Re: GRANT CREATE DATABASE versus GRANT ALTER ANY LOGIN
- From: Erland Sommarskog <esquel@xxxxxxxxxxxxx>
- Date: Thu, 12 Apr 2007 22:03:46 +0000 (UTC)
Joe (jwdaigle@xxxxxxxxxxxxx) writes:
OK, I obviously dont understand something really simple here. Could
someone help me see the light? :-)
Im logged in as a local machine admin.
C:\> SQLCMD -E
1> grant create database to [valen\nsLocalDBUsers]
1> grant alter any login to [valen\nsLocalDBUsers]
Msg 15151, Level 16, State 1, Server VALEN, Line 1
Cannot find the login 'valen\nsLocalDBUsers', because it does not exist or
o not have permission.
CREATE DATABASE is a database permission, ALTER ANY LOGIN is a server-
level permission. Database permissions are granted to database principals,
server permissions to logins.
It's certainly interesting that [valen\nsLocalDBUsers] is a database
user, but not a login, particularly if this is the master database.
But I would dig into sys.server_principals and sys.database_principals
to see what anomalies I could find.
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx
Books Online for SQL Server 2005 at
Books Online for SQL Server 2000 at
- Prev by Date: Re: Multiple roles?
- Next by Date: Re: GRANT CREATE DATABASE versus GRANT ALTER ANY LOGIN
- Previous by thread: Re: GRANT CREATE DATABASE versus GRANT ALTER ANY LOGIN
- Next by thread: Re: GRANT CREATE DATABASE versus GRANT ALTER ANY LOGIN