SQL SYS ADMIN Permission

Dear All

My client Database is on Navision.

we have implemented a scenario where there will be only one USERID in the datbase server , if some one try to enter it in Navision using the same id then it will not allow it.

using this code in Application code unit 1 (variable wsh =‘Windows Script Host Object Model’.WshShell)

sessionrec.SETRANGE(sessionrec.“User ID”,USERID);
IF sessionrec.COUNT > 1 THEN BEGIN

now to execute this we have to give sysadmin permission all users other wise it is not taking care of session table & allowing users to enter with same login id again.

now as users are having sysadmin rights so they have permission to create new database on the server.now i want to restrict it what is the possible way to perform this.

Is there any permission we have to set for Sys admin.

Thanks & Regards


It is not possible to restrict the rights of sysadmin (SA) users. Even if you could restrict a right, SA would have the ability to grant itself that right again. Granting regular users the SA roles is a VERY BAD practice.

What is your purpose for implementing this solution?


Thanks for your reply.

Is there any way so that we can restrict users to create a new database on Server as thre is no role & permission to support this in navision.

if i didnot give sysadmin permission to user then it is allowing the user to login with same login again as this is creating some problem in responsibility center design setup.

any other way to control dtabase ->New



Granting the sysadmin role to a user is never a solution for anything. You need to rethink your solution.

I probably shouldn’t ask this, but why do you want to make sure you can only have one session with a given USERID open at one time? But assuming that you have to do this a few alternatives spring to mind:

  1. Instead of having your code execute every time a user logs in, you could have a NAS running that polled the Session table. Every time it found two sessions with same user id, it could kill the older one.

  2. You could try to manage this using stored procedures. and have your code execute a stored proc every time you logged on.