Re: system administrators role and dbo rights

27/03/2008, 09h00

Ok, I see what is happening. As a sysadmin login, you are "considered" dbo everywhere you go. So
Enterprise Manager will display you as sysadmin even if you really aren't sysadmin. Does that make
sense?

--
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://sqlblog.com/blogs/tibor_karaszi

"Jason" <Jason@discussions.microsoft.com> wrote in message
news:0F86EBCD-92F2-48AF-A5F9-7E2CB2236815@microsoft.com...
> Hi Tibor
>
> To clarify: on the properties of the BUILTIN\Administrators login, on the
> database access tab. I see a check box in the permit column for every db and
> the user column shows "dbo". However the actual dbo for the database is some
> other login. This doesn't seem correct.
> Below in the database roles for 'xyz' section, the login has public and
> db_owner checked for every db. This seems redundant, the
> BUILTIN\Administrators has the system admin role, so doesn't that db_owner
> rights for each db is implied.
>
>
> "Tibor Karaszi" wrote:
>
>> >I noticed that the built in admin account is given sysadmin role, but it is
>> > also given dbo on every database.
>>
>> That last part doesn't make sense to me. Dbo is the login that owns a database. So, you can't
>> "give
>> someone dbo". Either you mean that some user is a member of the db_owner role or perhaps the GUI
>> show somebody who is sysadmin to also "be dbo" which would the GUI confusing us a bit.
>>
>>
>> > When I add the new group of dbas to replace the built-in admin group, I only
>> > need to give it the sysadmin role, correct?
>>
>> Yes, correct. :-)
>>
>> --
>> Tibor Karaszi, SQL Server MVP
>> http://www.karaszi.com/sqlserver/default.asp
>> http://sqlblog.com/blogs/tibor_karaszi
>>
>>
>> "Jason" <Jason@discussions.microsoft.com> wrote in message
>> news:77E16575-7CDA-46AC-AAB3-5417095B6CC2@microsoft.com...
>> >I noticed that the built in admin account is given sysadmin role, but it is
>> > also given dbo on every database. Isn't this redundant? I thought sysadmin
>> > role automatically gives a user dbo rights on any db it uses.
>> >
>> > When I add the new group of dbas to replace the built-in admin group, I only
>> > need to give it the sysadmin role, correct?
>> >
>>

28/03/2008, 13h56

thanks tibor

"Tibor Karaszi" wrote:

> Ok, I see what is happening. As a sysadmin login, you are "considered" dbo everywhere you go. So
> Enterprise Manager will display you as sysadmin even if you really aren't sysadmin. Does that make
> sense?
>
> --
> Tibor Karaszi, SQL Server MVP
> http://www.karaszi.com/sqlserver/default.asp
> http://sqlblog.com/blogs/tibor_karaszi
>
>
> "Jason" <Jason@discussions.microsoft.com> wrote in message
> news:0F86EBCD-92F2-48AF-A5F9-7E2CB2236815@microsoft.com...
> > Hi Tibor
> >
> > To clarify: on the properties of the BUILTIN\Administrators login, on the
> > database access tab. I see a check box in the permit column for every db and
> > the user column shows "dbo". However the actual dbo for the database is some
> > other login. This doesn't seem correct.
> > Below in the database roles for 'xyz' section, the login has public and
> > db_owner checked for every db. This seems redundant, the
> > BUILTIN\Administrators has the system admin role, so doesn't that db_owner
> > rights for each db is implied.
> >
> >
> > "Tibor Karaszi" wrote:
> >
> >> >I noticed that the built in admin account is given sysadmin role, but it is
> >> > also given dbo on every database.
> >>
> >> That last part doesn't make sense to me. Dbo is the login that owns a database. So, you can't
> >> "give
> >> someone dbo". Either you mean that some user is a member of the db_owner role or perhaps the GUI
> >> show somebody who is sysadmin to also "be dbo" which would the GUI confusing us a bit.
> >>
> >>
> >> > When I add the new group of dbas to replace the built-in admin group, I only
> >> > need to give it the sysadmin role, correct?
> >>
> >> Yes, correct. :-)
> >>
> >> --
> >> Tibor Karaszi, SQL Server MVP
> >> http://www.karaszi.com/sqlserver/default.asp
> >> http://sqlblog.com/blogs/tibor_karaszi
> >>
> >>
> >> "Jason" <Jason@discussions.microsoft.com> wrote in message
> >> news:77E16575-7CDA-46AC-AAB3-5417095B6CC2@microsoft.com...
> >> >I noticed that the built in admin account is given sysadmin role, but it is
> >> > also given dbo on every database. Isn't this redundant? I thought sysadmin
> >> > role automatically gives a user dbo rights on any db it uses.
> >> >
> >> > When I add the new group of dbas to replace the built-in admin group, I only
> >> > need to give it the sysadmin role, correct?
> >> >
> >>
>
>
>

27/03/2008, 09h00	#1
Tibor Karaszi Messages: n/a Hébergeur:	Re: system administrators role and dbo rights Ok, I see what is happening. As a sysadmin login, you are "considered" dbo everywhere you go. So Enterprise Manager will display you as sysadmin even if you really aren't sysadmin. Does that make sense? -- Tibor Karaszi, SQL Server MVP http://www.karaszi.com/sqlserver/default.asp http://sqlblog.com/blogs/tibor_karaszi "Jason" <Jason@discussions.microsoft.com> wrote in message news:0F86EBCD-92F2-48AF-A5F9-7E2CB2236815@microsoft.com... > Hi Tibor > > To clarify: on the properties of the BUILTIN\Administrators login, on the > database access tab. I see a check box in the permit column for every db and > the user column shows "dbo". However the actual dbo for the database is some > other login. This doesn't seem correct. > Below in the database roles for 'xyz' section, the login has public and > db_owner checked for every db. This seems redundant, the > BUILTIN\Administrators has the system admin role, so doesn't that db_owner > rights for each db is implied. > > > "Tibor Karaszi" wrote: > >> >I noticed that the built in admin account is given sysadmin role, but it is >> > also given dbo on every database. >> >> That last part doesn't make sense to me. Dbo is the login that owns a database. So, you can't >> "give >> someone dbo". Either you mean that some user is a member of the db_owner role or perhaps the GUI >> show somebody who is sysadmin to also "be dbo" which would the GUI confusing us a bit. >> >> >> > When I add the new group of dbas to replace the built-in admin group, I only >> > need to give it the sysadmin role, correct? >> >> Yes, correct. :-) >> >> -- >> Tibor Karaszi, SQL Server MVP >> http://www.karaszi.com/sqlserver/default.asp >> http://sqlblog.com/blogs/tibor_karaszi >> >> >> "Jason" <Jason@discussions.microsoft.com> wrote in message >> news:77E16575-7CDA-46AC-AAB3-5417095B6CC2@microsoft.com... >> >I noticed that the built in admin account is given sysadmin role, but it is >> > also given dbo on every database. Isn't this redundant? I thought sysadmin >> > role automatically gives a user dbo rights on any db it uses. >> > >> > When I add the new group of dbas to replace the built-in admin group, I only >> > need to give it the sysadmin role, correct? >> > >>

28/03/2008, 13h56	#2
Jason Messages: n/a Hébergeur:	Re: system administrators role and dbo rights thanks tibor "Tibor Karaszi" wrote: > Ok, I see what is happening. As a sysadmin login, you are "considered" dbo everywhere you go. So > Enterprise Manager will display you as sysadmin even if you really aren't sysadmin. Does that make > sense? > > -- > Tibor Karaszi, SQL Server MVP > http://www.karaszi.com/sqlserver/default.asp > http://sqlblog.com/blogs/tibor_karaszi > > > "Jason" <Jason@discussions.microsoft.com> wrote in message > news:0F86EBCD-92F2-48AF-A5F9-7E2CB2236815@microsoft.com... > > Hi Tibor > > > > To clarify: on the properties of the BUILTIN\Administrators login, on the > > database access tab. I see a check box in the permit column for every db and > > the user column shows "dbo". However the actual dbo for the database is some > > other login. This doesn't seem correct. > > Below in the database roles for 'xyz' section, the login has public and > > db_owner checked for every db. This seems redundant, the > > BUILTIN\Administrators has the system admin role, so doesn't that db_owner > > rights for each db is implied. > > > > > > "Tibor Karaszi" wrote: > > > >> >I noticed that the built in admin account is given sysadmin role, but it is > >> > also given dbo on every database. > >> > >> That last part doesn't make sense to me. Dbo is the login that owns a database. So, you can't > >> "give > >> someone dbo". Either you mean that some user is a member of the db_owner role or perhaps the GUI > >> show somebody who is sysadmin to also "be dbo" which would the GUI confusing us a bit. > >> > >> > >> > When I add the new group of dbas to replace the built-in admin group, I only > >> > need to give it the sysadmin role, correct? > >> > >> Yes, correct. :-) > >> > >> -- > >> Tibor Karaszi, SQL Server MVP > >> http://www.karaszi.com/sqlserver/default.asp > >> http://sqlblog.com/blogs/tibor_karaszi > >> > >> > >> "Jason" <Jason@discussions.microsoft.com> wrote in message > >> news:77E16575-7CDA-46AC-AAB3-5417095B6CC2@microsoft.com... > >> >I noticed that the built in admin account is given sysadmin role, but it is > >> > also given dbo on every database. Isn't this redundant? I thought sysadmin > >> > role automatically gives a user dbo rights on any db it uses. > >> > > >> > When I add the new group of dbas to replace the built-in admin group, I only > >> > need to give it the sysadmin role, correct? > >> > > >> > > >

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email