Hmmm, OK. I tried this:
CREATE LOGIN JoeDBA with password = 'xxx'
GO
GRANT ALTER ANY DATABASE TO JoeDBA
I then opened a new window, logging in as JoeDBA and ran:EXEC sys.sp_detach_db @dbname = 'Bob'
Got this:
Msg 916, Level 14, State 1, Line 1
The server principal "JoeDBA" is not able to access the database "Bob" under the current security context.
Then tried this in my sysadmin connection:USE bob
GO
CREATE USER JoeDBA FOR LOGIN JoeDBA
GO
ALTER ROLE db_owner ADD MEMBER JoeDBA
Returned to my JoeDBA connection and was able to detach the database.
ALTER ANY DATABASE is not sufficient, but db_owner for a db is. This means you'd need to ensure each login had that permission in each database to detach.
I also tried dbcreator and serveradmin (separately) for the login. neither allows me to detach a database. I suspect sysadmin OR db_owner in a specific database allow detaching. Of course, if you add the user to model and include db_owner, that would solve that permission set.