I want to assign granular permissions to a login user, so that he can create and alter any other login user.
I have already granted "manage any login" privileges to a user using following command:
grant manage any login to 'username'.
But this user is not able to create other login users as a user with SSO role can. When trying to create logins with sp_addlogin procedure it throws an error "You should have 'manage any login' permissions to execute this ".
If you run sp_helprotect on this user, does the output show "manage any login" as being granted? i.e. there should be an entry that looks like this:
1> grant manage any login to joeuser 2> go
1> sp_helprotect joeuser
2> go
grantor grantee type action object
column predicate grantable
------- ------- ----- ---------------- ----------------------------------
----------------- --------- ---------
dbo joeuser Grant Manage Any Login All NULL FALSE dbo public Grant Execute dbo.mon_rpc_attach
All NULL FALSE
dbo public Grant Execute dbo.sp_autoformat
All NULL FALSE
[...]-bret
Add comment