Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

db_owner role can't manage users/roles?

Status
Not open for further replies.
bdc1

bdc1

Technical User
Jun 29, 2004
12
US
I seem to be having trouble understanding how the db_owner role works. It doesn't seem hard, as all of the documentation says that users assigned to this role have all permissions in the database.

I have two people assigned to this and they can do everything except manage users and roles. For example when they try to look at the properties of a role in Enterprise Manager they get the following error message:

Error229: EXECUTE permission denied on object ‘sp_helprolemember’, database ‘master’, owner dbo

In master, the public role has permission to execute sp_helprolemember and both of these users are members of the public role in master.

I also tried adding them to the db_accessadmin and db_securityadmin roles in addition to the db_owner role.

They are also members of the securityadmin server role.

Any suggestions?


 
Sort by date Sort by votes
the db_owner role can do everything on the database, not the Server itself. If they need to manage users and roles, they need to be members of the fixed server role securityadmin. db roles are specific to a database. If after adding them to the securityadmin role and they are still unable to manage users, ask them to log off windows and log back in.
 
Upvote 0 Downvote
From my original post: They are also members of the securityadmin server role.

They have logged in and out of windows numerous times since being added to the db_owner group as this occurred several months ago. It's only been recently that they have needed to take over active management of users and roles.

It was my understanding that roles are specific to the database as are users. It is logins that are server wide. From BOL:

db_accessadmin (fixed database role) - Can add or remove user IDs

db_securityadmin (fixed database role) - Can manage all permissions, object ownerships, roles and role memberships.

securityadmin (fixed server role) - Can manage logins and CREATE DATABASE permissions, also read error logs and change passwords.
 
Upvote 0 Downvote
bdc1,

Please don't cross post....you also posted this question in THREAD962-1050759.

-SQLBill

Posting advice: FAQ481-4875
 
Upvote 0 Downvote
Sorry - I realized this morning that I had posted this in the wrong forum.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Andrzejek
  • Locked
  • Question
Eliminate pesky [ ] in SQL Management Studio
Replies
5
Views
260
SaltyTheFrog
SaltyTheFrog
Andrzejek
  • Locked
  • Question
Management Studio behavior question 1
Replies
3
Views
152
MarkSweetland
MarkSweetland
asmall
  • Locked
  • Question
Users Not Assigned to a Group
Replies
1
Views
49
johnherman
johnherman
PeDa
  • Locked
  • Question
Identfying current users of database
Replies
4
Views
38
PeDa
PeDa
murphyhg
  • Locked
  • Question
Grant user role to only select view and nothing else
Replies
1
Views
66
NoCoolHandle
NoCoolHandle

Part and Inventory Search

Sponsor

Back
Top