Re: problem with orphaned "dbo" user of an attached database
- From: Erland Sommarskog <esquel@xxxxxxxxxxxxx>
- Date: Thu, 12 Jul 2007 08:58:09 +0000 (UTC)
Holger (Holger@xxxxxxxxxxxxxxxxxxxxxxxxx) writes:
I know that this can be fixed with ALTER AUTHORIZATION ON
DATABASE::universe to [login] So, after attaching a database, the user
can simply all ALTER > AUTHORIZATION. My problem is that ALTER
AUTORIZATION requires "CONTROL SERVER" permission, which is simply a
synonym for "sysadmin" role membership and therefore not what I want.
All I want my users grant is "CREATE ANY DATABASE" permission. Does
anybody know a solution besides doing the CREATE DATABASE ... FOR ATTACH
with an adjacent ALTER AUTHORIZATION inside a stored procedure with a
regarding signature?
You could put the ALTER AUTHORSIZATION statement in a stored procedure
that you sign with a certificate, and then you grant a login associated
with that cert CONTOL SERVER. Note that the login is not a real login,
that is, it cannot connect.
For a lot more detail on this, see this article on my web site:
http://www.sommarskog.se/grantperm.html
--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
.
- Prev by Date: Re: Assign permissions to allow updates but deny select on table
- Next by Date: Re: problem with orphaned "dbo" user of an attached database
- Previous by thread: Re: Login/Account Lock
- Next by thread: Re: problem with orphaned "dbo" user of an attached database
- Index(es):
Relevant Pages
|
