Ways to add Windows Logins - (Version 4 SQL)

Is there a way to add Windows Logins (Groups and Users) without being SA?

I would like to assign the role of creating windows logins for navisoin to some adminstrator instead of a DBA. I have tried adding the user to SQL security admin, but still get “You do not have the required SQL server permissions to perform the current security activity”

Even better, does anyone know what navision actually does when you add a windows login (other than insert into the table), ie. SQL stored procedures?


Installation & System Management: Microsoft® Business Solutions–Navision SQL Server Option

Qoute: This login must first have been created by a SQL Server administrator…

My understanding therefore is that if you have 100’s of users and new starters and people leaving, its going to be up to a SQL server administrator to have to control what users login into navision. This is not ideal as I would rather use the SQL Server Administrators time better and assign the role of maintining users to someone in the support department - ideally the same person that creates normal Active Directory windows logins for the network. (But this person must not have SQL Server Administrator Privelages!).


So you want someone to do SQL Server administrator tasks without assigning that person administrator status? Does that make sense to you?

To be able to add users you have to be either sys admin or db_owner.

I believe he would like to have someone Manage Navision users without be a database administator. That is different then how you are stating it. We are a small shop and I would like the same thing, to be able to have someone that could add a user to Navision without being able to do everything with the database. Like accidently delete or change something.

What would be nice is to have a wizard that I could give permission to a few users to run, that would setup up login, assign menus the user would belong to, ect.

does that make since

Only members of the sysadmin fixed server role, the db_accessadmin and db_owner fixed database roles can execute sp_grantdbaccess

Yes, this is what I mean.

In fact, I have now found that giving the user Security Administrator rights in SQL server does the job. So I guess this will have to be acceptable becuase at least the user won’t have System Administrator rights.