Database owners and system administrators are the only users who can grant object creation permissions to other users (except for create encryption key and create trigger permission which can only be granted by the system security officer). The database owner has full privileges to do anything inside that database, and must explicitly grant permissions to other users with the grant command.
Permission to use the following commands is automatically granted to the database owner and cannot be transferred to other users:
checkpoint
dbcc
alter database
online database
drop database
dump database
dump transaction
grant (object creation permissions)
load database
load transaction
revoke (object creation permissions)
setuser
Database owners can grant or revoke permission to:
Use these commands: create default, create procedure, create rule, create table, create view.
Database owners can grant permission to use create database, set tracing, and connect if they have the sa_role and are in the master database.
Database owners can grant permission to use set session authorization, create trigger, and create encryption key if they have the sso_role.
all – if you are the database owner, all grants permisions for all create commands except create database, create trigger and create encryption key. If you have the sa_role, all grants permissions for create database, set tracing, and connect as well, if you issue the grant command in the master database.
default permissions on system tables
Use dbcc commands:checkalloc, checkcatalog, checkdb, checkindex, checkstorage, checktable, checkverify, fix_text, indexalloc, reindex, tablealloc, textalloc, tune
