db_owner vs administrator privileges

1125
4
07-24-2017 03:13 PM
Highlighted
Regular Contributor

I am using ArcGIS 10.2.2 with SQL Server 2008 R2. I am using Database Authentication. I do not want the people who connect to our Enterprise Geodatabase to connect using the administrator username and password. I have them connect using their standard network login credentials such as when they login into their work PCs to get onto the network. 

Like the rest of my users, I log in using my standard network credentials (not the administrator username and password). I have been assigned the Privilege (done using SQL Server Management Studio) db_owner. But, when I go into ArcCatalog and right click on a Feature Dataset - Manage, all the options are grayed out (see attached). However, when I log in with the Administrator username and password, these same options are NOT grayed out. 

An ideas? I was under the assumption that db_owner has the necessary privileges to do the what is shown under Manage, such as Analyze, Add Global IDs, Register as Versioned, Unregister as Versioned, etc...

0 Kudos
4 Replies
Highlighted
Honored Contributor

Logins that are mapped to the dbo user in a specific database have the highest possible privileges in that database; therefore, they have privileges sufficient to create and administer the geodatabase. Elevated privileges do not extend beyond the specific database.

 Was the concerned database created by the same user?

0 Kudos
Highlighted
MVP Regular Contributor

There are some tasks, which only the Data Creator can perform. No other user, even sysadmin, can do these.

Those options under 'Manage', will only be available when you connect as the same user which was used to create the Data.

If the data is owned by DBO, then any login with 'sysadmin' server role granted to it, can perform those tasks.

Highlighted
Regular Contributor

Does this mean db_owner must also be db_creator in order for those options under "Manage" to be available? 

What Privileges do I need in order for those Options under "Manage" to be available?

0 Kudos
Highlighted
MVP Regular Contributor

You cannot grant additional Privileges to any login to make it Data Owner or make those options under Manage to be available.

Let's say, that you used a login named 'GIS_owner' to connect and create a feature class. The data shows up as "Db_name.GIS_owner.FC_name".

In this case, only when you connect as 'GIS_owner', you get those options under Manage. This is simply because, only the data owner (the person who created the data), has the right to grant Privileges to other logins to View\edit that data and so on.

Even if you connect as an Admin (login with 'sysadmin' permission, which is the highest possible in SQL Server), you will not get those options under Manage.

So this is not about what roles\permissions you have.

Can you provide us an example of how your Data looks? A screenshot (with the db_name and Data_name grayed out if needed) or simply type in, and we can suggest better.

0 Kudos