How to restrict permissions to a single database

I need to create a SQL user account (from a domain account) that has full access to do anything they want to new databases. They should be able to create, update, add, delete, backup, etc... any database as long as they are not explicitly denied access. I want to be able to selectively deny ALL access to certain databases. Is this possible? If so, how?
LVL 21
Russ SuterAsked:
Who is Participating?
Kyle AbrahamsSenior .Net DeveloperCommented:
There is no explicit deny.  The best way to achieve this would be to do the following:  

Give them db_creator writes.  db_creator allows users to create dbs and when you create a db you're automatically DBO (so they can modify the db.)  

Grant DBO to exisiting dbs which are needed.

Optional Security: Deny datareader/writer to any dbs that they shouldn't have access to.

If you give them security admin or sa then they could overwrite any options you choose.

Dont know if this idea fits your requirements completely; but you can do this by making this account dbo on the db's you wish; then in sql server properties (SSMS, R/Click, Props on the servername), select properties; find the user and hit 'Deny any database'

Russ SuterAuthor Commented:
Both good suggestions. Thanks
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.