February 14, 2017 at 7:28 am
Hi,
I hae a project to automatically assign permissions to users if there is any database release. I would like to add the account to the application and this account should have permissions to grant other users data_reader, data_writer,ddlAdmin or db_owner permissions on individual databases. I was wondering what permissions this account should have to grant other users permissions to databases ?
Please let me know if you need more details.
Thanks in advance
February 14, 2017 at 8:55 am
Didn't you ask that question here? https://www.sqlservercentral.com/Forums/1841691/User-permission-to-grant-access
You have answers to that question there already, what's wrong with those? If you have further questions, you should reply to your existing topic, rather than start a new one.
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk
February 14, 2017 at 9:45 am
Thom A - Tuesday, February 14, 2017 8:55 AMDidn't you ask that question here? https://www.sqlservercentral.com/Forums/1841691/User-permission-to-grant-accessYou have answers to that question there already, what's wrong with those? If you have further questions, you should reply to your existing topic, rather than start a new one.
Sorry. I lost track of it and also answers in that thread assigning db_securityadmin is unable to grant db_owner permissions on databases. do you want me to close this and continue other thread ?
February 14, 2017 at 10:41 am
Robin35 - Tuesday, February 14, 2017 9:45 AMThom A - Tuesday, February 14, 2017 8:55 AMDidn't you ask that question here? https://www.sqlservercentral.com/Forums/1841691/User-permission-to-grant-accessYou have answers to that question there already, what's wrong with those? If you have further questions, you should reply to your existing topic, rather than start a new one.
Sorry. I lost track of it and also answers in that thread assigning db_securityadmin is unable to grant db_owner permissions on databases. do you want me to close this and continue other thread ?
The only users who can assign the db_owner role is a user who is db_owner. And a db_owner can do what ever they like in that database.
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk
February 14, 2017 at 10:47 am
Robin35 - Tuesday, February 14, 2017 9:45 AMThom A - Tuesday, February 14, 2017 8:55 AMDidn't you ask that question here? https://www.sqlservercentral.com/Forums/1841691/User-permission-to-grant-accessYou have answers to that question there already, what's wrong with those? If you have further questions, you should reply to your existing topic, rather than start a new one.
Sorry. I lost track of it and also answers in that thread assigning db_securityadmin is unable to grant db_owner permissions on databases. do you want me to close this and continue other thread ?
providing grant with grant to these permissions is a massive security risk, do you absolutely trust these accounts is the first question?
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
February 14, 2017 at 11:41 am
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
February 14, 2017 at 12:37 pm
Thom A - Tuesday, February 14, 2017 8:55 AMDidn't you ask that question here? https://www.sqlservercentral.com/Forums/1841691/User-permission-to-grant-accessYou have answers to that question there already, what's wrong with those? If you have further questions, you should reply to your existing topic, rather than start a new one.
Sorry. I lost track of it and also answers in that thread assigning db_securityadmin is unable to grant db_owner permissions on databases. do you want me to close this and continue other thread ?
ok thanks everyone. We maintain and own the account, so password for this account is stored securely. We only grant dbo permissions when there is a release, once the release is complete we will revoke it from application based on the release duration provided by the application team. Whole purpose of this project is to automate the permission grating stuff.
Viewing 7 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply