RE: Securityadmin server role permissions

Brian Brown-204626

Hall of Fame

Points: 3211

February 28, 2008 at 9:19 am

In BOL it says:

Members of the securityadmin fixed server role manage logins and their properties. They can GRANT, DENY, and REVOKE server-level permissions. They can also GRANT, DENY, and REVOKE database-level permissions. Additionally, they can reset passwords for SQL Server logins.

Why, then, do we have to grant the login the db_securityadmin role in each database?