Navigation:  Installation Guide for PaperSave for Blackbaud CRM > Appendix >

User Rights for PaperSave Service Account on SQL Server

 Previous pageReturn to chapter overviewNext page

Below are the commands used in PaperSave which need SysAdmin rights in SQL Server.

 

Sql KeyWords used in SQL Commands

Rights Required for it

Description

Description given in MSDN

DBCC TRACEON (1204)

Sysadmin

Turns on (enables) the specified trace flag.

DBCC TRACEON permissions default to members of the sysadmin fixed server role only,

sp_fulltext_database        

Sysadmin

Initializes full-text indexing or removes all full-text catalogs from the current database.

Only members of the sysadmin fixed server role and db_owner fixed database role can execute sp_fulltext_database

SET TRUSTWORTHY

Sysadmin

The TRUSTWORTHY database property is used to indicate whether the instance of SQL Server trusts the database and the contents within it. By default, this setting is OFF, but can be set to ON by using the ALTER DATABASE statement.

To set this option, you must be a member of the sysadmin fixed server role.

SET DB_CHAINING OFF

Sysadmin

ON-- Database can be the source or target of a cross-database ownership chain

OFF-- Database cannot participate in cross-database ownership chaining

-

CREATE LOGIN        

sysadmin or Securityadmin

Creates a new SQL Server login.

Requires ALTER ANY LOGIN permission on the server or membership in the securityadmin fixed server role.

CREATE USER

-

Adds a user to the current database.

-

EXEC sp_addrolemember

sysadmin, or securityadmin

Adds a security account as a member of an existing Microsoft® SQL Server™ database role in the current database.

Only members of the sysadmin fixed server role and the db_owner fixed database role can execute sp_addrolemember to add a member to fixed database roles. Role owners can execute sp_addrolemember to add a member to any SQL Server role they own. Members of the db_securityadmin fixed database role can add users to any user-defined role.

exec sp_grantlogin

sysadmin   or securityadmin

Allows a Microsoft® Windows NT® user or group account to connect to Microsoft SQL Server™ using Windows Authentication.

Only members of the sysadmin or securityadmin fixed server roles can execute sp_grantlogin.

exec sp_grantdbaccess

Sysadmin

Adds a security account in the current database for a Microsoft® SQL Server™ login or Microsoft Windows NT® user or group, and enables it to be granted permissions to perform activities in the database.

Only members of the sysadmin fixed server role, the db_accessadmin and db_owner fixed database roles can execute sp_grantdbaccess.