in
Eric Vaillancourt on SQL Server...
www.SQLProf.com » SQL Server » SQL Dev » Fine-grained Server Roles

Fine-grained Server Roles

Last post Fri, Oct 3 2008 1:09 PM by Eric Vaillancourt. 1 replies.
Page 1 of 1 (2 items)
Sort Posts: Previous Next

  • Wed, Oct 1 2008 4:35 PM

    • djobin
    • Top 50 Contributor
    • Joined on Wed, Oct 1 2008
    • Posts 1

    Fine-grained Server Roles

    Reply Contact

    Hi,

    I need to have a windows authenticated user who's able to create logins and grant database roles, and nothing else (no T-SQL on any object).

    Is it possible to grant ONLY those privileges to a database user ?

    I'm asking because for Oracle target environments, I used "grant CREATE USER to MyDomain\MyServiceAccount" and "grant GRANT ANY ROLE to MyDomain\MyServiceAccount". Is there some kind of equivalent in SQL Server 2005 ? I looked at ALTER ANY LOGIN, but that doesn't seem to be quite the right thing.

    By the way, I was directed to your forum by Mathieu Bégin who just followed your class and enjoyed it.

    Dominic
    Filed under: ,

  • Fri, Oct 3 2008 1:09 PM In reply to

    Re: Fine-grained Server Roles

    Reply Contact

    Hello Dominic,

    Yes it is possible, you need to create a stored proc with the execute as 'username' option.

    Look at this link: http://msdn.microsoft.com/en-us/library/ms188354.aspx

    You  can also grant the "ALTER ANY LOGIN" authorization to your user.

    Regards,

     

    Eric
Page 1 of 1 (2 items)
©2008 SQLProf.com & Eric Vaillancourt
Powered by Community Server (Non-Commercial Edition), by Telligent Systems