March 28, 2012 at 11:04 am
Hello,
I have two logins U1 and U2 on my server. Both are Sql Logins. I grant alter permission to U1(Principle) on U2(Securable). I granted these permissions as SysAdmin (Windows login ).
When I go to U1 properties and look at the securables I see that U1 has Grant to Alter U2.
Now when i login as U1 and try changing the password for U2. I get the error that I dont have permissions. As i as admin did gtrant permission to alter U2 by U1. But I am not able to figure out why I am not able to do it.
Any ideas what could be the possible causes?
One more wierd thing is as a sysadmin after I grant U1 alter on U2 and click ok. and the I go back to U1's properties I see that granter to U1 is U2. But since I(sysadmin) was the one who granted the permission shouldn't I be listed as granter? But I see U2(User on whom I gave U1 alter permission) as Granter.
If what I said above is confusing. Please see below.
[Permission] [Granter] [Grant] [With Grant] [Deny]
Alter U2 Checked Unchecked Unchecked
This is a little confusing.
Does any one have Idea what might be causing this??
March 28, 2012 at 12:42 pm
I can recreate the issue, but I cannot explain it.
This does not allow [test_dbo] to change the password of [test_default_schema]:
use [master]
GO
GRANT ALTER ON LOGIN::[test_default_schema] TO [test_dbo]
GO
This does, however that is more power than it sounds like you need to grant:
use [master]
GO
GRANT ALTER ANY LOGIN TO [test_dbo]
GO
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply