April 24, 2008 at 12:37 pm
we have a tech department that adding new databases (restore from a backup), creating new logins and
assigning deferent database roles to those logins.
They used to have a sys admin role assigned on the system. They are using a windows account to connect.
I am planning to revoke that sa privilege from them and gave them dbcreator server account rights.
Apparently it's not enough. Any suggestions?
thank you
April 24, 2008 at 2:33 pm
they will need server role securityadmin as well to create the logins.
If they all login as part of the same windows group they will own the databases they create and be able to do whatever within them.
If they have seperate ids grant them the fixed database roles db_accessadmin and dn_securityadmin within relevant databases
---------------------------------------------------------------------
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply