I'm writing a script that allows my application to create Logins/Users that have permissions to create users themselves. I've read in the MS SQL 2012 documentation that if the user is a member of the db_securityadmin database role, they should have permissions to use the ALTER ROLE command on that database. I've also read numerous posts that make the same assertion.
I have created a user named MyUser whose login is also MyUser. The login is a member of the securityadmin Server Role and the user is a member of db_accessadmin, db_securityadmin, db_datareader, and db_datawriter on the database in question.
When MyUser connects to the database and attempts to execute the following command, the following error is generated:
ALTER ROLE [db_accessadmin] ADD Member [NewUser]
Msg 15151, Level 16, State 1, Line 1
Cannot alter the role 'db_accessadmin', because it does not exist or you do not have permission.
If I add MyUser to the db_owner database role or add the login to the sysadmin server role, the command executes successfully.
What am I missing here?
Thanks,
Jamie Irwin