November 21, 2008 at 2:01 pm
I got a change request for a user saying he needs "GRANT" permissions on a db so that he can grant other users some roles if he wants. I went to the db and then Security under the db, then Users. I selected the user name and below that I gave him authentication and control. Then the user told me he is able to GRANT permissions. Is what I did right? If he is a db_owner, can he do anything to the db? Please correct me if I'm wrong. Thanks.
November 24, 2008 at 10:51 am
You should add the user to the database role db_securityadmin.
From BOL: Members of the db_securityadmin fixed database role can modify role membership and manage permissions.
Markus Bohse
November 25, 2008 at 7:57 am
Thanks for the reply. Is the procedure which I mentioned wrong? The user says he is able to grant permissions to the other users. Please clarify.
November 25, 2008 at 8:08 am
iqtedar (11/25/2008)
Thanks for the reply. Is the procedure which I mentioned wrong? The user says he is able to grant permissions to the other users. Please clarify.
By giving your user CONTROL permission, you basically made him db_owner. Using a built-in role is much easier and safer. By using this role you're sure that you don't accidentally give more permissions than necessary.
Markus Bohse
November 25, 2008 at 8:12 am
OK, I will go and change it. Thanks. And what does authentication give?
November 25, 2008 at 9:15 am
Authenticate is used for the Execute As clause. It basically gives you the right to act as another user.
See here for more details:
http://msdn.microsoft.com/en-us/library/ms188304(SQL.90).aspx
Markus Bohse
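The change discussed in this thread, written out as T-SQL. This is an added example, not part of the original posts; the database name [SalesDb] and the user name [AppUser] are hypothetical placeholders.

```sql
-- Hypothetical names: database [SalesDb], database user [AppUser].
USE [SalesDb];
GO

-- 1. Audit: explicit database-level permissions held by the user.
--    class = 0 means the permission is on the database itself,
--    which is where CONTROL and AUTHENTICATE were granted.
SELECT pr.name AS principal_name,
       pe.permission_name,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'AppUser'
  AND pe.class = 0;

-- 2. Audit: permissions this user handed out to others while holding CONTROL.
--    These stay in place after the revoke below and need a separate review.
SELECT gr.name AS grantee_name,
       pe.class_desc,
       pe.major_id,
       pe.permission_name,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS gr
  ON gr.principal_id = pe.grantee_principal_id
WHERE pe.grantor_principal_id = DATABASE_PRINCIPAL_ID(N'AppUser');

-- 3. Remove the two broad database-level grants.
REVOKE CONTROL FROM [AppUser];
REVOKE AUTHENTICATE FROM [AppUser];

-- 4. Add the user to the fixed database role recommended in the thread.
EXEC sp_addrolemember N'db_securityadmin', N'AppUser';
-- On SQL Server 2012 and later the equivalent is:
-- ALTER ROLE db_securityadmin ADD MEMBER [AppUser];

-- 5. Verify: list the roles the user now belongs to.
SELECT r.name AS role_name,
       m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE m.name = N'AppUser';
```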