Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

sp_addlogin/sp_adduser rights

Status
Not open for further replies.
TitleistDBA

TitleistDBA

IS-IT--Management
Apr 22, 2002
162
US
I have a user who wants to be able to add her own accounts to the sql server. The problem is as follows.
To execute sp_addlogin you must be an 'SA' or in the server security role. I don't mind adding this person to the sercurity role.
Once the login has been created the user needs to be added to the db role msrv_clerk.
like this exec sp_adduser 'login', 'msrv_clerk'

The problem is you must be an SA or dbo to exec the sp_adduser. I do not want to grant those rights to anybody.
Does anybody have a solution to this problem?
Thanks for the help.

 
Sort by date Sort by votes
Why does this person need to add users to the database? That's a DBA job for security reasons.

-SQLBill
 
Upvote 0 Downvote
I know, I'm the DBA and I would not have set this system up this way. This is an old system and they have had dbo rights for awhile now. They are not very happy that I have removed them. They said it would take to much time to call the helpdesk and open a ticket then wait for a DBA to add the user when they could just do it. I told them I would try to find a solution but if I couldn't they would have to go through me. ..Do you know of a solution.?

 
Upvote 0 Downvote
Here's a question. When they get someone new who needs a corporate login or email address, how do they obtain that? Do they create it themselves or do they "...call the helpdesk and open a ticket then wait for a[n] [admin] to add the user..."?

If I can find a way to make them happy without giving them unneeded rights, I'll post it.

-SQLBill
 
Upvote 0 Downvote
Have you thought about creating a app that creates the login? you could assign the app sa rights then give it the ability to create it in the correct database. Make sure you change the database names to something different on thier selection list. I would also add some functionality to set up an alert or an email when one is made. Or just write a log somewhere of new ones and check it.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

jsteph
  • Locked
  • Question
Database Mail--rights needed? 1
Replies
3
Views
103
SQLBill
SQLBill
andreis
  • Locked
  • Question
Read rights to one table only 1
Replies
1
Views
97
danvlas
danvlas
bluecjh
  • Locked
  • Question
restricting rights
Replies
3
Views
71
bluecjh
bluecjh
divinyl
  • Locked
  • Question
Since when does ODBC connection require SA rights
Replies
6
Views
129
divinyl
divinyl
YoelBenYossef
  • Locked
  • Question
Rights and permissions
Replies
4
Views
75
Catadmin
Catadmin

Part and Inventory Search

Sponsor

Back
Top