Re: Allow a 'user' to create new users

From: Erland Sommarskog <esquel@xxxxxxxxxxxxx>
Date: Thu, 10 Jan 2008 14:44:30 -0800

Carlos A. (CarlosA@xxxxxxxxxxxxxxxxxxxxxxxxx) writes:

The user must be 'dbo' of userdatabase, and member of securityadmin role
of the sql server, to execute sp_addlogin
sp_adduser
sp_grantlogin
and assign permissions overall obejcts of user database.

Of these only sp_addlogin/CREATE LOGIN requires securityadmin membership.
For the rest, it's sufficient to be dbo or member of the db_owner role.
Or in SQL 2005 parlance: have CONTROL permission on the database.

--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
.

References:
- Re: Allow a 'user' to create new users
  - From: Erland Sommarskog

Prev by Date: Re: user defined Role - HELP
Next by Date: Re: user defined Role - HELP
Previous by thread: Re: Allow a 'user' to create new users
Next by thread: Re: sql server 2005 account lockout
Index(es):
- Date
- Thread

Relevant Pages

ADP, Application Role, and objects
... The above link is to an atricle on how to implement SQL Server Application ... After you connect with your ADP, fire a bit of code to set the ... third party tools to view the data on the same database. ... Scenario 1 - If I explicitly grant permissions on that object to the user ...
(microsoft.public.access.adp.sqlserver)
Re: field level security question
... Vyas, MVP ... listBox control that gets data from a query of the sql server table. ... > recent change in requirement) I see the option to limit permissions right ... > utility opens except their is just no data. ...
(microsoft.public.sqlserver.security)
Re: The user does not have permission to perform this action.
... exec sp_addlinkedserver 'remote_server_name' ... Execute permissions default to members of the sysadmin and setupadmin ... Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx ... Books Online for SQL Server 2005 at ...
(comp.databases.ms-sqlserver)
Re: Deny access to all users (including Administrator and DomainAd
... permissions on stored procedure override ... applictaion's user account permissions to the stored procedure which will ... Will try to deny access through the query for SQL Server 2005 and 2000. ... Remove everyone that you don't want rom an Administrator Groups ...
(microsoft.public.sqlserver.security)
Re: SQL 2000 Windows Authentication - Same User Multiple Groups
... functionality using our WinForm app and read-only functionality using ... SQL Server permissions are not application-aware. ... App1 contains CRUD functionality using stored procs (EXEC perms on ...
(microsoft.public.sqlserver.security)