Securityadmin server role permissions

  • Under SQL Server 2000, our corporate security group was granted the sysadmin role in order to managed logins and db access. In 2005, we would like to grant them the securityadmin role, however, when we grant a login this role, they can create a login, but cannot grant it db access or assign db_roles. BOL says that the secorityadmin role should be able to manage db access and roles. The error we get says that the securityadmin login cannot access a database under the current security context. Has anyone else had this problem, or are we missing something?

  • You add them to the security admin group in the database. That should be fine.

    Cheers,
    Sugeshkumar Rajendran
    SQL Server MVP
    http://sugeshkr.blogspot.com

  • In BOL it says:

    Members of the securityadmin fixed server role manage logins and their properties. They can GRANT, DENY, and REVOKE server-level permissions. They can also GRANT, DENY, and REVOKE database-level permissions. Additionally, they can reset passwords for SQL Server logins.

    Why, then, do we have to grant the login the db_securityadmin role in each database?

  • Is this sorted out or still having issues?

    Cheers,
    Sugeshkumar Rajendran
    SQL Server MVP
    http://sugeshkr.blogspot.com

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply