Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
asviap
Starting Member
2 Posts |
 Posted - 2004-10-22 : 07:46:46
|
| As far as i understand, it is not a good practice to have db_owner permission to the user in a database, but to give specific permission to the user. I would like to know the security issues caused due to the action of giving db_owner right to a user of the database. Thanks |
|
|
Kristen
Test
22859 Posts |
Posted - 2004-10-22 : 09:54:29
|
| db_ownerhas all permissions in the database. They can modify anything in the database - drop the tables, drop the database ...Kristen |
 |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2004-10-22 : 13:22:59
|
| db_owner is the role that should be used in a development environment for developers. But db_owner should never be used in a production environment especially not for your users or application accounts. Use stored procedures without dynamic SQL, then grant EXEC on those stored procedures to a role that you created. Within that role will contain whatever users need these permissions whether they be actual customers or application accounts.Tara |
|
|
|
|
|
|
db_owner permission to database user