What is the CONTROL permission? from Blog Posts – SQLServerCentral

One of the most powerful permissions available in SQL Server is control. But what exactly … Read more What is the CONTROL permission? from Blog Posts – SQLServerCentral

One of the most powerful permissions available in SQL Server is control. But what exactly is it? Per BOL[1]:

CONTROL: Confers ownership-like capabilities on the grantee.

https://docs.microsoft.com/en-us/sql/relational-databases/security/permissions-database-engine?view=sql-server-ver15#_conventions[2]

Ownership-like. So not quite ownership. In essence if you have the control permission you have every stated permission to the object. This includes the ability to grant permissions to others (probably the most dangerous permission you can grant). So what makes it ownership-like? Simply this. You can’t grant ownership. Control at the instance allows you to do pretty much anything you like, but not add someone to the sysadmin role. Control at the database level lets you do anything to the database you want, incuding dropping it!, but you can’t add someone to the db_owner role or make them the dbo of the database.

The last thing I’ll say on the subject, is that this is a very powerful permission (obviously) and anyone who has it should be treated just like any of the other administrative principals[3].

The post What is the CONTROL permission?[4] appeared first on SQLServerCentral[5].


Source: Programming News



Leave a Reply

Your email address will not be published. Required fields are marked *