Jeff Moden (8/9/2014)

---

GilaMonster (8/9/2014)

---

sqlfriends (8/8/2014)

---

But my question is why bother to grant all these permssions, but just grant this account db_owner role. Becaue it pretty much need all the permissions: read, write, and excute.

And permission to change the schema, drop tables, add users, add permissions, drop the database. None of which your application probably needs.

Principle of Lease Privilege. An app's login should have the minimum permissions it needs to do it's job and nothing else.

For me, that means that the app login has no privs other than PUBLIC and the privs to execute certain stored procedures.

Of course, in real life, we never reach that particular bit of security Nirvana. Instead, we end up catering to people that don't understand and spending proverbial mega-bucks on things like penetration testing. :pinch: