it might not be obvious;
for example, if it's a windows account, ie mydomain\lowell has too much access, it's probably because i'm in a windows group
that has direct or implied access
SQL 2000 still uses the Builtin\Administrators group, so it might be the user is a local admin on the box, which auto-magically grants sysadmin..
it might be a domain group.
you can check that with an extended stored procedure:
modify either of these commands to check a specific user, or a group:
EXEC master..xp_logininfo @acctname = 'mydomain\lowell',@option = 'all' -- Show all paths a user gets his auth from
EXEC master..xp_logininfo @acctname = 'mydomain\authenticatedusers',@option = 'members' -- show group members
--help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!