January 19, 2021 by Kenneth Fisher
One of the most powerful permissions available in SQL Server is control. But what exactly is it? Per BOL:
CONTROL: Confers ownership-like capabilities on the grantee.https://docs.microsoft.com/en-us/sql/relational-databases/security/permissions-database-engine?view=sql-server-ver15#_conventions
Ownership-like. So not quite ownership. In essence if you have the control permission you have every stated permission to the object. This includes the ability to grant permissions to others (probably the most dangerous permission you can grant). So what makes it ownership-like? Simply this. You can’t grant ownership. Control at the instance allows you to do pretty much anything you like, but not add someone to the sysadmin role. Control at the database level lets you do anything to the database you want, incuding dropping it!, but you can’t add someone to the db_owner role or make them the dbo of the database.
The last thing I’ll say on the subject, is that this is a very powerful permission (obviously) and anyone who has it should be treated just like any of the other administrative principals.