USER ADMIN authority is the permission to manage users, external logins, and login policies.
USER ADMIN authority is required to:
Create and drop database users, and assign initial passwords.
Create, alter, or drop login policies, and assign login policies to users.
Define user authentication mechanism, such as Kerberos or integrated login.
Create or drop external logins.
Force password change on next login for users.
Reset user login policies.
Only a user with DBA or PERMS ADMIN authority may grant USER ADMIN authority to other users.
