Default privileges granted to the database owner are listed in Table 8-11.
alter any object owner |
create default |
create function |
create procedure |
create rule |
create table |
create trigger |
create view |
dbcc checkalloc |
dbcc checkcatalog |
dbcc checkdb |
dbcc checkindex |
dbcc checkstorage |
dbcc checktable |
dbcc checkverify |
dbcc fix_text |
dbcc indexalloc |
dbcc reindex |
dbcc tablealloc |
dbcc textalloc |
manage abstract plans |
manage any user |
manage checkstorage |
manage database |
manage database permissions (sybsecurity only) |
manage replication |
report checkstorage |
select any audit table (sybsecurity only) |
setuser |
truncate any audit table (sybsecurity only) |
These rules apply to the database owner:
By default, no newly added database-wide privileges, other than the ones listed above, are granted to the database owner. You must use an explicit grant command to grant any additional privilege to the database owner.
By default, setuser privilege is explicitly granted to the database owner. To prevent the database owner from impersonating other users, revoke the setuser privilege from the database owner.
Any user with own any database privilege or own database privilege on a database logs in to the database as the database owner, regardless if the user is a valid user of the database. Any object created by this user has UID=1 in sysobjects.uid and their login name in sysobjects.loginame. If both own any databaseand own database privileges are revoked from this user, he or she enters the database with his or her own user ID or as a guest if he or she has not been added as a user in the database.