Author |
Topic |
kukstern
Starting Member
6 Posts |
Posted - 2010-08-19 : 04:00:00
|
Hi
My consultant needs this: "The login we have on the sql server doesn't allow us to create a new login (want to use impersonation on the web app)"
Right now they have dbcreator and public, what more do they need?
We have other DBs they are not allowed to access, so full rights are not a solution.
I'm a total newbie, so be gentle :-)
/K. |
|
jen
Master Smack Fu Yak Hacker
4110 Posts |
Posted - 2010-08-19 : 05:40:21
|
ask them to provide the login details to you and create them :)
--------------------
keeping it simple... |
|
kukstern
Starting Member
6 Posts |
Posted - 2010-08-19 : 06:49:31
|
quote: Originally posted by jen
ask them to provide the login details to you and create them :)

I'd prefer to give them the permission
/K. |
|
GilaMonster
Master Smack Fu Yak Hacker
4507 Posts |
Posted - 2010-08-19 : 10:23:49
|
You want to give an external person enough permissions to create logins for anyone he wants? You're more trusting than almost all of my clients. :-)
If this is SQL 2005+, creating a login requires ALTER ANY LOGIN or ALTER LOGIN permission on the server (straight from Books Online). That will just allow the creation of the login; it won't allow them to assign permissions.
Do note that ALTER ANY LOGIN grants permission to create, alter, or drop any login in the instance. That includes changing passwords of logins that may have access to the databases that you don't want the consultant to see.
--
Gail Shaw
SQL Server MVP |
|
kukstern
Starting Member
6 Posts |
Posted - 2010-08-20 : 02:23:14
|
Maybe the best way is to do it like Jen said :-)
I'll ask for what they need, and try to create it.
But the only permissions I know how to set are the 10 different ones in the Server Roles. The "Alter Any Login" I don't know where to set, and I haven't got the time to read a manual about SQL 2008. I simply haven't got a basic knowledge about it :-(
/K. |
|
GilaMonster
Master Smack Fu Yak Hacker
4507 Posts |
Posted - 2010-08-20 : 04:08:14
|
Easiest way is to run a script
GRANT ALTER ANY LOGIN TO LoginName
where LoginName is the login that's getting the permission.
The server role you'd need to set to do the same is security admin, and that gives permission to create logins and grant them any permissions (up to and including sysadmin). Hence it can be considered full control.
Is there a DBA who does know SQL there? If so, delegate the task.
--
Gail Shaw
SQL Server MVP |
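The grant discussed in this thread, together with the checks an administrator can run to see who holds it and what was changed with it. This is an added example, not part of the original posts; [ConsultantLogin] is a placeholder login name and the 7-day review window is an assumption.

```sql
-- Added example. [ConsultantLogin] is a placeholder; run as a sysadmin.
USE master;
GO

-- 1. Grant only the server-level permission, not the securityadmin role.
GRANT ALTER ANY LOGIN TO [ConsultantLogin];
GO

-- 2. Who holds ALTER ANY LOGIN through an explicit grant (or has it denied).
SELECT grantee.name       AS grantee,
       grantee.type_desc  AS grantee_type,
       perm.state_desc    AS grant_state,
       grantor.name       AS granted_by
FROM sys.server_permissions AS perm
JOIN sys.server_principals  AS grantee
     ON grantee.principal_id = perm.grantee_principal_id
JOIN sys.server_principals  AS grantor
     ON grantor.principal_id = perm.grantor_principal_id
WHERE perm.permission_name = N'ALTER ANY LOGIN';

-- 3. Who gets the same ability (and more) through server role membership.
SELECT role_pr.name   AS server_role,
       member_pr.name AS member,
       member_pr.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS role_pr
     ON role_pr.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS member_pr
     ON member_pr.principal_id = rm.member_principal_id
WHERE role_pr.name IN (N'securityadmin', N'sysadmin');

-- 4. SQL logins created, altered, or given a new password in the last 7 days.
--    A password change on an existing login shows up in PasswordLastSetTime.
SELECT name,
       create_date,
       modify_date,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set,
       is_disabled
FROM sys.sql_logins
WHERE modify_date >= DATEADD(day, -7, GETDATE())
   OR CAST(LOGINPROPERTY(name, 'PasswordLastSetTime') AS datetime)
      >= DATEADD(day, -7, GETDATE())
ORDER BY modify_date DESC;

-- 5. Remove the permission once the consultant's logins exist.
REVOKE ALTER ANY LOGIN FROM [ConsultantLogin];
GO
```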