because your obiwan user is going to be creating logins and also executing AS., it needs to be a sysadmin(for CREATE LOGIN) and db owner in the database (for CREATE USER)
this is exactly how i would script my super user in this case, and i'm assuming the database name here is [Sandbox], where yours is most likely something else:
--create our super user
CREATE LOGIN [Obewan] WITH PASSWORD=N'NotARealPassword',
DEFAULT_DATABASE=[master], CHECK_EXPIRATION=ON, CHECK_POLICY=ON;
GO
--make our special user a sysadmin
EXEC master..sp_addsrvrolemember @loginame = N'Obewan', @rolename = N'sysadmin';
GO
--noone will ever login with this, it's used for EXECUTE AS, so disable the login.
ALTER LOGIN [Obewan] DISABLE;
GO
USE [SandBox];
GO
CREATE USER [Obewan] FOR LOGIN [Obewan];
GO
USE [SandBox];
GO
EXEC sp_addrolemember N'db_owner', N'Obewan';
GO
Lowell