What is the CONTROL permission?

1

January 19, 2021 by Kenneth Fisher

One of the most powerful permissions available in SQL Server is control. But what exactly is it? Per BOL:

CONTROL: Confers ownership-like capabilities on the grantee.

https://docs.microsoft.com/en-us/sql/relational-databases/security/permissions-database-engine?view=sql-server-ver15#_conventions

Ownership-like. So not quite ownership. In essence if you have the control permission you have every stated permission to the object. This includes the ability to grant permissions to others (probably the most dangerous permission you can grant). So what makes it ownership-like? Simply this. You can’t grant ownership. Control at the instance allows you to do pretty much anything you like, but not add someone to the sysadmin role. Control at the database level lets you do anything to the database you want, incuding dropping it!, but you can’t add someone to the db_owner role or make them the dbo of the database.

The last thing I’ll say on the subject, is that this is a very powerful permission (obviously) and anyone who has it should be treated just like any of the other administrative principals.

Category: Microsoft SQL Server, Security, SQLServerPedia Syndication | Tags: ,

»
«

One thought on “What is the CONTROL permission?

  1. The CONTROL Permission – Curated SQL says:
    January 27, 2021 at 7:05 AM

    […] Kenneth Fisher answers a question: […]

    Reply

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Follow me via RSS

RSS Feed RSS - Posts

RSS Feed RSS - Comments

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 6,758 other subscribers

Follow me on Twitter

@sqlstudent144

Archives

Categories

Meta

ToadWorld Pro of the Month November 2013