Hi,
I'm using the 64-bit version of SQL Server 2005, SP2, on Windows
Server 2003 R2 X64 Enterprise Edition. I've got a bunch of users out
there who are the db_owner, db_accessadmin and db_securityadmin of
their different respective databases. I would expect that they would
be able to add users to their databases, given that a login exists on
the server. However, when they go to browse logins to add a user in
Management Studio, they are only shown a very short list (like,
themselves and sa, and that's it). We have hundreds of logins on the
server, and they should be able to add any one of them to their
databases if they wish. And if they try to type in the login name
directly, they get a permission denied error.
I am the system administrator, so thankfully I've not experienced this
problem, and I can add users for them. But I'd rather they be able to
do it themselves as they see fit. I have experimented by creating a
test SQL-authenticated login, and making it db_owner of a test
database. When I login with that test login and try to add a user, I
see the exact same behavior. The only logins viewable are my test
login and sa. The only other thing I can add is it's not just
occurring with the GUI interface; the same thing happens when I do a
direct query on the master.sys.syslogins view: I only see the same two
logins. So it appears it's happening at that level and the result
appears up in the GUI.
It appears this is a security/permissions thing. Anyone know if
there's a configuration setting or something that might be preventing
non-privileged users from being able to view all the server logins
when attempting to add users to their databases, in which they are
assigned the db_owner role?
Thanks
Gringo