SQL Server Permissions – Minimum Permission to Execute sp_changedbowner SP

amazon-rdsawspermissionssql serversql-server-2008

Is db_owner permission sufficient to execute sp_changedbowner?

I'm looking to change the database owner of a RDS SQL instance. I'm the owner of the DB, and still couldn't execute sp_changedbowner as master user.

I would like to know what the minimum permissions are to execute sp_changedbowner or ALTER AUTHORIZATION commands.

Best Answer

_{Community wiki answer:}

From ALTER AUTHORIZATION (Transact-SQL):

Requires TAKE OWNERSHIP permission on the entity. If the new owner is not the user that is executing this statement, also requires either, 1) IMPERSONATE permission on the new owner if it is a user or login; or 2) if the new owner is a role, membership in the role, or ALTER permission on the role; or 3) if the new owner is an application role, ALTER permission on the application role.

There may be additional considerations in the AWS RDS world.

Note that sp_changedbowner is deprecated in favour of ALTER AUTHORIZATION. The sp_changedbowner documentation says:

Requires TAKE OWNERSHIP permission on the database. If the new owner has a corresponding user in the database, requires IMPERSONATE permission on the login, otherwise requires CONTROL SERVER permission on the server.

Related Solutions

Sql-server – Permission to create Spatial Index

Microsoft connect ticket was resolved with wording changed:

Please refer to link below (changes have not been made on BOL yet, 1 dec)

https://connect.microsoft.com/SQLServer/feedback/details/706766/books-online-suggested-permission-to-create-spatial-index-incorrect

SQL Server – How to Grant Execute Permission for a Single Stored Procedure

GRANT EXECUTE ON dbo.procname TO username;

Best Answer

Related Solutions

Sql-server – Permission to create Spatial Index

SQL Server – How to Grant Execute Permission for a Single Stored Procedure

Related Question