It is common that vendors ask for permission to create databases (or they applications need to create database) on your servers and most of DBAs I have seen immediately grant them dbCreator server role. But they are not aware that members of that role are able to DROP/ALTER any databases on the entire server regardless of whether or not you even have a user account in the database.Did you really want that?
The right approach is to grant CREATE ANY DATABASE permission and then the user is able to DROP/ALTER he/she owns.
If you would like to receive an email when updates are made to this post, please register here
Subscribe to this post's comments using
About Uri Dimant