The sp_password sproc in SQL Server 2000 only required membership in the db_accessadmin and db_securityadmin database roles and securityadmin server membership so that the user could change passwords without knowing the old password. However, in SQL Server 2005/2008, BOL says that the user now needs the "CONTROL SERVER" permission for this. What authority does the CONTROL SERVER permission give the user?
Update: I found this:
CONTROL SERVER is a new SQL Server 2005 permission and provides the same access as a member of the sysadmin fixed server role. - http://www.sqlservercentral.com/blogs/brian_kelley/archive/2009/02/24/detecting-when-a-login-has-implicit-access-to-a-database.aspx
Update: It turns out the documentation is incorrect. As in SQL Server 2000, sp_password in SQL Server 2008 still seems to require membership in the db_accessadmin and db_securityadmin database roles and securityadmin server membership to allow the user to change passwords without knowing the old password.
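An audit query for the permission and roles named in the question, added here as an example and not part of the original post: it lists which logins hold CONTROL SERVER or belong to sysadmin or securityadmin, and which users in the current database belong to db_accessadmin or db_securityadmin. It uses only the SQL Server 2005+ catalog views; the column aliases are chosen for this example.

```sql
-- 1. Server level: explicit CONTROL SERVER grants/denies plus membership
--    in the sysadmin and securityadmin fixed server roles.
SELECT p.name           AS principal_name,
       p.type_desc      AS principal_type,
       'permission: CONTROL SERVER' AS source,
       sp.state_desc    AS state          -- GRANT, GRANT_WITH_GRANT_OPTION or DENY
FROM sys.server_permissions AS sp
JOIN sys.server_principals  AS p
  ON p.principal_id = sp.grantee_principal_id
WHERE sp.class = 100                      -- 100 = server-scoped permission
  AND sp.permission_name = 'CONTROL SERVER'
UNION ALL
SELECT m.name,
       m.type_desc,
       'role: ' + r.name,
       'MEMBER'
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN ('sysadmin', 'securityadmin')
ORDER BY principal_name;

-- 2. Database level (run in each database of interest): members of the
--    two fixed database roles mentioned in the question.
SELECT m.name AS user_name,
       r.name AS role_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals   AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals   AS m ON m.principal_id = drm.member_principal_id
WHERE r.name IN ('db_accessadmin', 'db_securityadmin')
ORDER BY role_name, user_name;

-- 3. What the current login itself holds (1 = yes, 0 = no).
SELECT HAS_PERMS_BY_NAME(NULL, NULL, 'CONTROL SERVER') AS has_control_server,
       IS_SRVROLEMEMBER('sysadmin')                    AS is_sysadmin,
       IS_SRVROLEMEMBER('securityadmin')               AS is_securityadmin;
```

Logins that appear only through a Windows group are reported under the group's name, so group membership has to be resolved separately.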