I'm trying to assign a proper GRANT permission to CI login, that will be able to:
- Create test DB
- Alter it
- Drop this test DB (and only it)
But it appears that SQL Server 2012 GRANT CREATE ANY DATABASE
only allows the creation, not the altering and dropping of the database (as the newly database does not hold the creator as dbo).
As just giving a sysadmin role is too large of a security risk, any idea what other GRANTS are required?
Best Answer
First you have to
Create Login with create database permission. Note that the login cannot drop any databases.
Map the login to the database that you want to have permission to alter or drop.
Add the user to the
db_owner
role.Now test it for create / alter and drop :
Try to drop some other db :
Below is the error :