THE SQL Server Blog Spot on the Web

Welcome to - The SQL Server blog spot on the web Sign in | |
in Search

Uri Dimant

Be careful to grant dbCreator server role to the user

It is common that vendors ask for permission to create databases (or they applications need to create database) on your servers and most of DBAs I have seen immediately grant them dbCreator server role. But they are not aware that members of that role are able to DROP/ALTER any databases on the entire server regardless of whether or not you even have a user account in the database.Did you really want that?

The right approach is to grant CREATE ANY DATABASE permission and then the user is able to DROP/ALTER he/she owns.
Published Thursday, September 2, 2010 5:37 AM by Uri Dimant



NItin said:

Thats what dbowner role is for, isnt it?

October 20, 2010 1:27 AM

Riddhi said:

How to give create any database permission to a user.

Can you explain step by step process

September 1, 2015 9:19 AM

Hany Helmy said:

@ Riddhi:

1. In Object Explorer, right-click the top-level server instance, and click


2. In the Server Properties dialog box, select the Permissions page.

3. Under Logins or roles, select the required user.

4. On the Explicit tab, select the Grant option for Create any database, then click OK.

January 6, 2016 4:51 AM

Bart Welvaert said:


Thanks for this comment/advice Uri.

I immediately changed the setup of our SQL as per your suggestion.


June 11, 2017 5:35 AM
New Comments to this post are disabled

About Uri Dimant

Uri Dimant
Privacy Statement