By default, only the system administrator has create database permission, although he or she can grant permission to use the create database command. However, in many installations, to centralize control of database placement and database device allocation, the system administrator maintains a monopoly on create database permission. In these situations, the system administrator creates new databases on behalf of other users, and then transfers ownership to the appropriate users.
To create a database and transfer ownership to another user, the system administrator:
Issues the create database command.
Switches to the new database with the use database command.
Executes sp_changedbowner, as described in “Changing database ownership”.
When a system administrator grants permission to create databases, the user that receives the permission must also be a valid user of the master database, since all databases are created while using master.
The fact that system administrators seem to operate outside the protection system serves as a safety precaution. For example, if a database owner forgets his or her password or accidentally deletes all entries in sysusers, a system administrator can repair the damage using the backups or dumps that are made regularly.
Permission for alter database or drop database defaults to the database owner, and permission is automatically transferred with database ownership. You cannot use grant or revoke to change alter database and drop database permission.
