HiveBrain v1.2.0
Get Started
← Back to all entries
patternsqlModerate

What does role db_owner allow

Submitted by: @import:stackexchange-dba··
0
Viewed 0 times
whatdb_ownerroleallowdoes

Problem

I have been trying to troubleshoot a login that is not able to view certain tables in a SQL Server 2012 database. In doing so I find I don't quite understand what membership in the db_owner role allows. I can understand the other roles such as db_datareader and db_datawriter but I remain confused as to what db_owner allows.

Solution

Please see the reference on BOL for Database-Level Roles:

db_owner


Members of the db_owner fixed database role can perform all configuration and maintenance activities on the database, and can also drop the database.

The easiest way to see all of the permissions is to use the sys.fn_my_permissions() function. First verify you are a member of db_owner:

select
    rol.name
from sys.database_principals mem
inner join sys.database_role_members drm
on drm.member_principal_id = mem.principal_id
inner join sys.database_principals rol
on drm.role_principal_id = rol.principal_id
where mem.principal_id = user_id();


Now list out all of the effective database permissions:

select *
from sys.fn_my_permissions(null, 'database');


That should be granular enough for your purposes. Something to note, sys.fn_my_permissions() returns the effective permissions, so think of it as an aggregation.

Code Snippets

select
    rol.name
from sys.database_principals mem
inner join sys.database_role_members drm
on drm.member_principal_id = mem.principal_id
inner join sys.database_principals rol
on drm.role_principal_id = rol.principal_id
where mem.principal_id = user_id();
select *
from sys.fn_my_permissions(null, 'database');

Context

StackExchange Database Administrators Q#69135, answer score: 19

Revisions (0)

No revisions yet.