Re: GRANT CREATE DATABASE versus GRANT ALTER ANY LOGIN


"Erland Sommarskog" <esquel@xxxxxxxxxxxxx> wrote in message
news:Xns9911AB07D649Yazorman@xxxxxxxxxxxx
Joe (jwdaigle@xxxxxxxxxxxxx) writes:
OK, I obviously dont understand something really simple here. Could
someone help me see the light? :-)

Im logged in as a local machine admin.


C:\> SQLCMD -E
1> grant create database to [valen\nsLocalDBUsers]
2> go
1> grant alter any login to [valen\nsLocalDBUsers]
2> go
Msg 15151, Level 16, State 1, Server VALEN, Line 1
Cannot find the login 'valen\nsLocalDBUsers', because it does not exist
or
you d
o not have permission.
1>

CREATE DATABASE is a database permission, ALTER ANY LOGIN is a server-
level permission. Database permissions are granted to database principals,
server permissions to logins.

It's certainly interesting that [valen\nsLocalDBUsers] is a database
user, but not a login, particularly if this is the master database.
But I would dig into sys.server_principals and sys.database_principals
to see what anomalies I could find.



--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx


Ah, I think I might see the problem now based on your response.
valen\nsLocalDBUsers is a group, not a user. It is a Windows group that I
added to the database in question using "sp_grantdbaccess". My guess is
that I did not first add it to the server because sp_grantdbaccess seems to
do the grantlogin at the server level "automatically".

Am I correct that I should have added the group to the server first, and
then granted access to the database? What is the recommended method for
adding a windows user/group to the server?

Thanks for any additional help, I am off to read the online help to
understand this better :-)

joe


.

Relevant Pages

  • Re: Install MSDE w/ MSDE Depl.Toolkit. What permissions when using Win Auth?
    ... I created a login using Enterprise Manager on SQL Server on my server. ... Database Access tab I ticked the tick box for the database that I ... Now when my user installed the MSDE database on his machine locally, ...
    (microsoft.public.sqlserver.msde)
  • Re: Installation OK, but cant connect
    ... > created an access database. ... SQL Server authentication is "client" independent.... ... connections or SQL Server authenticated connections... ... which authenticate user's login at the windows login step... ...
    (microsoft.public.sqlserver.msde)
  • Re: Setting up Linked server to MsAccess
    ... At the server level I have added my windows user group ... At the database level I have added my Server login ...
    (microsoft.public.sqlserver.security)
  • Re: dumb++ security
    ... If the user doesn't have permission ... > to connect to either database, ... Proud Member of the Exclusive "I have been plonked by Davee because he ... > database/some server to perform task A. ...
    (comp.security.misc)
  • Re: dumb++ security
    ... If the user doesn't have permission ... > to connect to either database, ... Proud Member of the Exclusive "I have been plonked by Davee because he ... > database/some server to perform task A. ...
    (comp.security.unix)