• Because your obiwan user is going to be creating logins and also executing AS, it needs to be a sysadmin (for CREATE LOGIN) and db owner in the database (for CREATE USER).

    This is exactly how I would script my super user in this case, and I'm assuming the database name here is [Sandbox], where yours is most likely something else:

    --create our super user
    CREATE LOGIN [Obewan] WITH PASSWORD=N'NotARealPassword',
        DEFAULT_DATABASE=[master], CHECK_EXPIRATION=ON, CHECK_POLICY=ON;
    GO

    --make our special user a sysadmin
    EXEC master..sp_addsrvrolemember @loginame = N'Obewan', @rolename = N'sysadmin';
    GO

    --no one will ever log in with this, it's used for EXECUTE AS, so disable the login.
    ALTER LOGIN [Obewan] DISABLE;
    GO

    --map the login to a user in the target database
    USE [SandBox];
    GO
    CREATE USER [Obewan] FOR LOGIN [Obewan];
    GO

    --make that user db_owner in the target database
    EXEC sp_addrolemember N'db_owner', N'Obewan';
    GO

    Lowell


    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. With your description of the problem, we can provide a tested, verifiable solution to your question! Asking the question the right way gets you a tested answer the fastest way possible!
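An audit to run after a setup like the one in the post above, added here as an example and not part of the original post: it reports the login's state, every module that runs as the user, and who else is allowed to impersonate it. The names [Obewan] and [SandBox] are taken from the post; everything else is standard catalog views.

```sql
-- Added audit example; [Obewan] and [SandBox] are the names used in the post.
USE [SandBox];
GO
-- 1. Login state: is it disabled, and is it a member of sysadmin?
SELECT sp.name, sp.is_disabled,
       CASE WHEN EXISTS (SELECT 1
                         FROM sys.server_role_members AS rm
                         JOIN sys.server_principals AS r
                           ON r.principal_id = rm.role_principal_id
                         WHERE rm.member_principal_id = sp.principal_id
                           AND r.name = N'sysadmin')
            THEN 1 ELSE 0 END AS is_sysadmin
FROM sys.server_principals AS sp
WHERE sp.name = N'Obewan';

-- 2. Modules in this database declared WITH EXECUTE AS this user.
SELECT OBJECT_SCHEMA_NAME(m.object_id) AS schema_name,
       OBJECT_NAME(m.object_id)        AS module_name,
       o.type_desc, o.modify_date
FROM sys.sql_modules AS m
JOIN sys.objects AS o ON o.object_id = m.object_id
JOIN sys.database_principals AS dp ON dp.principal_id = m.execute_as_principal_id
WHERE dp.name = N'Obewan';

-- 3. Explicit IMPERSONATE grants on the database user (class 4 = database principal).
SELECT grantee.name AS grantee, p.state_desc
FROM sys.database_permissions AS p
JOIN sys.database_principals AS target  ON target.principal_id  = p.major_id
JOIN sys.database_principals AS grantee ON grantee.principal_id = p.grantee_principal_id
WHERE p.class = 4 AND p.permission_name = N'IMPERSONATE' AND target.name = N'Obewan';

-- 4. Explicit IMPERSONATE grants on the login (class 101 = server principal).
SELECT grantee.name AS grantee, p.state_desc
FROM sys.server_permissions AS p
JOIN sys.server_principals AS target  ON target.principal_id  = p.major_id
JOIN sys.server_principals AS grantee ON grantee.principal_id = p.grantee_principal_id
WHERE p.class = 101 AND p.permission_name = N'IMPERSONATE' AND target.name = N'Obewan';

-- 5. TRUSTWORTHY flag and owner: module-level EXECUTE AS is database-scoped, and
--    server-level permissions follow it only if the database is TRUSTWORTHY
--    or the module is signed.
SELECT d.name, d.is_trustworthy_on, SUSER_SNAME(d.owner_sid) AS database_owner
FROM sys.databases AS d
WHERE d.name = N'SandBox';
```

Queries 3 and 4 list explicit grants only; members of sysadmin and db_owner can impersonate the account without one, so review those role memberships alongside the output.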