What is the CONTROL permission?

1

January 19, 2021 by Kenneth Fisher

One of the most powerful permissions available in SQL Server is control. But what exactly is it? Per BOL:

CONTROL: Confers ownership-like capabilities on the grantee.

https://docs.microsoft.com/en-us/sql/relational-databases/security/permissions-database-engine?view=sql-server-ver15#_conventions

Ownership-like. So not quite ownership. In essence if you have the control permission you have every stated permission to the object. This includes the ability to grant permissions to others (probably the most dangerous permission you can grant). So what makes it ownership-like? Simply this. You can’t grant ownership. Control at the instance allows you to do pretty much anything you like, but not add someone to the sysadmin role. Control at the database level lets you do anything to the database you want, incuding dropping it!, but you can’t add someone to the db_owner role or make them the dbo of the database.

The last thing I’ll say on the subject, is that this is a very powerful permission (obviously) and anyone who has it should be treated just like any of the other administrative principals.

One thought on “What is the CONTROL permission?

  1. […] Kenneth Fisher answers a question: […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 3,516 other followers

Follow me on Twitter

ToadWorld Pro of the Month November 2013
%d bloggers like this: