Link to home
Start Free TrialLog in
Avatar of Pau Lo
Pau Lo

asked on

db_dataowner priveleges

Can I ask for some specific scenarios when a user would require db_dataowner privileges? I am looking at security permissions and have quite a number of users with db_dataowner over a few databases, but before asking for that to be removed, it would help knowing any particular reasons why that level of access may be required. For info none of the users are DBA's! But some do have systems admin responsibility for the over-arching applications which use these databases for records storage.
Avatar of dfke


users with the db_owner role can basically do anything with the database, alter users roles and even remove it. The sysadmin role sits on top of that and doesn't need to have db_owner privileges. Regular users should not be a member of this role. Just give db_read and db_write so those users are able to alter data.


I think you need to look at the applications that they use and what functionality they have in the DB. This could have been someone who didn't want to go into the trouble of securing the application properly if users are authenticated directly to the DB. If each user that is granted to the application has an account on the DB, then to make sure they can work properly, you'd need to setup correct permissions for them to read/write data, execute stored procedures and access views and functions.
Avatar of Jose Torres
Jose Torres
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial