question

sqlLearner 1 avatar image
sqlLearner 1 asked

Database Permissions

I am trying to assign a login for a SQL instance to have enough permissions to add themselves as a user to a specific database without giving them full SA permissions to the instance. Is there a permission that will allow me to do this? The user has create any database permissions and creates the database in question. The user then performs an action and is removed but needs to be re-added back but does not have the permission. Currently I am creating the login with these permissions: CREATE LOGIN [testuser] FROM WINDOWS WITH DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english] GO DENY VIEW ANY DATABASE to [testuser] GO GRANT CREATE ANY DATABASE TO [testuser] GO
sql-servertsqlsecuritypermissionslogin
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Answers

·
CirqueDeSQLeil avatar image
CirqueDeSQLeil answered
The security admin can create logins as you specify. The drawback is the role can create logins and should be treated as being equivalent to sa.
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

emil87b avatar image
emil87b answered
1. Put the logic in stored procedure and sign the procedure with a certificate 2. grant them a premission to execute procedure and this should do. more over here [ http://sommarskog.se/grantperm.html][1] [1]: http://sommarskog.se/grantperm.html
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.