A outside vendor has a SQL user with db_owner
rights on two databases, live and training. From time to time they would like to be able to backup live and restore on top of training. The easiest thing would be to grant them the server role dbcreator
but that would allow them to drop databases they wouldn't normally have access to. Right now they can make the backup from live but restoring to training they get:
A exception occurred while executing a Transact-SQL statement or batch:
CREATE DATABASE permission denied in database 'master'
RESTORE HEADERONLY is terminating abnormally
Is there a way to give this user access to restore the database without giving them the server role dbcreator
or giving them that permission but then limiting the scope to only the two databases they should have access to?
Best Answer
You can do this by guaranteeing that the account vendor is using does not have a corresponding user in any databases other than these two.
CREATE ANY DATABASE
will give the vendor privilege to do the required restore.The following code will demonstrate that the user
vendor
cannot drop databases.