THE SQL Server Blog Spot on the Web

Welcome to SQLblog.com - The SQL Server blog spot on the web Sign in | |
in Search

Uri Dimant

Be careful to grant dbCreator server role to the user

It is common that vendors ask for permission to create databases (or they applications need to create database) on your servers and most of DBAs I have seen immediately grant them dbCreator server role. But they are not aware that members of that role are able to DROP/ALTER any databases on the entire server regardless of whether or not you even have a user account in the database.Did you really want that?

The right approach is to grant CREATE ANY DATABASE permission and then the user is able to DROP/ALTER he/she owns.
Published Thursday, September 02, 2010 5:37 AM by Uri Dimant

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

 

NItin said:

Thats what dbowner role is for, isnt it?

October 20, 2010 1:27 AM

Leave a Comment

(required) 
(required) 
Submit

About Uri Dimant

Uri Dimant
Powered by Community Server (Commercial Edition), by Telligent Systems
  Privacy Statement