DB_DDLAdmin Role in SQL

Hello:

I have read that giving a User the DB_DDLAdmin role in SQL might causes problems with ownership chains in the future. Since the User will have ownership to all objects created, what preventive measures can one take to help avoid any problems which might loom in the distant future due to ownership chains?

Thank you,

-H

Hi WebD,

A user with db_ddladmin role just means that the user is authorized to run any DDL (data defination language) command in the database. So, based on my understanding, I don't think it will cause server security troubles in the distance futer. As to database security configurations, I think the best practices are to avoid assigning server roles to users but instead, assigning database levels to users to make sure users are only authorized to some particular databases and not the whole databases installed in your instance.

You can refer to this article for more detailed information and better explanation:http://www.sql-server-performance.com/articles/dba/sql_security_p1.aspx

Hope my suggestion helps

This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

sql