May 3, 2017 at 9:15 am
Hi Team,
I like to confirm if you have a login with 'securityadmin' server role, would that enough to manage all user mgmt. activity at instance level as well as database level?
Or does that login need to be mapped to each database and assign db_securityadmin as well?
Please advise. Thanks.
Regards,
SQLisAwe5oMe.
May 3, 2017 at 12:10 pm
Funny thing... documentation seems to say that SECURITYADMIN would be enough to perform database level permissions:
https://docs.microsoft.com/en-us/sql/relational-databases/security/authentication-access/server-level-roles
but I tried it out in a sandbox environment without db_securityadmin, and when my test user tried to setup a new user in a database or assign permissions in a database it was denied.
However, someone with the SECURITYADMIN role could give themselves or someone else extra permissions at the instance, so it doesn't seem any real benefit to use SECURITYADMIN over SYSADMIN.
May 8, 2017 at 11:47 am
SQLisAwE5OmE - Wednesday, May 3, 2017 9:15 AMHi Team,I like to confirm if you have a login with 'securityadmin' server role, would that enough to manage all user mgmt. activity at instance level as well as database level?
Or does that login need to be mapped to each database and assign db_securityadmin as well?
Please advise. Thanks.
The login would also need the minimum permission inside the database they are attempting to grant another access too.
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply