Post reply

Can securityadmin reset credential passwords?

  • May 14, 2015 at 2:57 pm

    #298154

    Can members of the securityadmin Server Role reset credential passwords, or do they need extra permissions (ALTER ANY CREDENTIAL) to do that?

  • May 14, 2015 at 3:13 pm

    #1798022

    Actually members of securityadmin can do anything I believe, as it is in their powers to elevate themselves to sysadmin...

    That aside, let's try it:

    CREATE CREDENTIAL credo WITH IDENTITY = 'ident', SECRET = 'Hemligt!'

    go

    CREATE LOGIN secadmin WITH PASSWORD = 'dfghhh'

    go

    ALTER SERVER ROLE securityadmin ADD MEMBER secadmin

    go

    EXECUTE AS LOGIN = 'secadmin'

    go

    ALTER CREDENTIAL credo WITH IDENTITY = 'newident', SECRET = 'Hemligare!'

    go

    REVERT

    go

    DROP LOGIN secadmin

    DROP CREDENTIAL credo

    Nope:

    Msg 15151, Level 16, State 1, Line 1

    Cannot alter the credential 'credo', because it does not exist or you do not have permission.

    [font="Times New Roman"]Erland Sommarskog, SQL Server MVP, www.sommarskog.se[/font]

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply