SQL roles to create users

I have a user I want to be able to allow to create users in Navision (NAV 4.0 SP3).

What are the minimum roles this users need on the SQL Server (2005)?


I think you need to be db_securityadmin (possibly even db_owner) for the DB and also have the securityadmin server role at a minimum.



You should not need db_owner for this

Maybe I should have added a bit more information to this.

The issue is actually that I do NOT want to give the user full permission to the SUPER role in NAV, neither give him access to the system role 5821 (Win. Logins). I don’t want to do this as we have a global application, but it’s the responsibility of the system admin off each country to assign users in their country. But they are not allowed to assign access to users in other countries. So instead I have created a separate application within NAV where we can handle this. And the application additionally give us the required (by our IT auditor’s) change log of user profiles.

It actually works fine, in regard to updating permissions (adding to Windows Access Control). And I can also make it work when it’s only adding a new users (previously created in the AD) to the Windows Login table. But if I’m both adding a new user to the Windows Login table and the Windows Access Control table in the same transaction, then I’m getting an error saying “You do not have the required SQL Server permissions to perform the current security activity”…

So I’m actually come the to conclussion that is must be something within NAV instead of an actual missing SQL Server permission.

Can any confirm this?

I’m still having the problem (getting the error message: “You do not have the required SQL Server permissions to perform the current security activity”) even though I have given the user db_securityadmin (and even also securityadmin to the sever).

I have found the solution in this thread: http://dynamicsuser.net/forums/t/10994.aspx