sp_iqpassword now returns a Permission denied error if a user without DBA/PERMS ADMIN authority tries to change another user’s password.
Table 7 lists procedures that can now be executed by users with new authorities as an alternative to DBA authority.
System procedure |
Authority |
|---|---|
sa_get_user_status |
DBA or USER ADMIN can view information about all users. |
sp_addlogin |
DBA or USER ADMIN. |
sp_adduser |
Creating a user requires DBA or USER ADMIN. Creating a user and also adding that user to an existing group requires both USER ADMIN and PERMS ADMIN authority. |
sp_droplogin |
DBA or USER ADMIN. |
sp_dropuser |
DBA or USER ADMIN. |
sp_expireallpasswords |
DBA or USER ADMIN. |
sp_addgroup |
DBA or PERMS ADMIN to change an existing user to group. Creating a new user and changing it to group requires DBA or both USER ADMIN and PERMS ADMIN authority. |
sp_changegroup |
DBA or PERMS ADMIN. |
sp_dropgroup |
DBA or PERMS ADMIN. |
sp_password |
Users with DBA or PERMS ADMIN can change another user's password. |
sp_iqpassword |
Users with DBA or PERMS ADMIN can change another user's password. A Permission denied error is returned if a user without DBA or PERMS ADMIN tries to change another user's password. |
