TAKE OWNERSHIP and CONTROL permissions

  • Question

  • Can someone explain to me the difference between the TAKE OWNERSHIP and CONTROL permissions?

    I am having trouble understanding what it means to be an owner. What exactly does it mean?
    Saturday, August 8, 2009 10:57 PM

Answers

  • TAKE OWNERSHIP means that you become the owner of the object.  This permission is at a very granular level - an object within a database.
    CONTROL is a more macro level permission that grants unlimited authority within its scope.

    You grant CONTROL permission on a database or instance.  You TAKE OWNERSHIP of a table, view, schema, etc.

    At one level, there is essentially no difference.  For example, any user with CONTROL permissions can perform the same actions that an object owner can.  This is done through some implicit mappings to the database owner.  The sysadmin role is automatically mapped to the database owner role in every database and you do not need to add any member of the sysadmin role as a user in any database; the same goes for any login with CONTROL SERVER permission.  A member of the db_owner role is automatically an owner of every schema and every object within a schema without ever needing to grant permissions; the same goes for any user with CONTROL DATABASE permission.

    However, it is possible for a user to own a single object - table, view, stored procedure, or function - without having access to anything else.  This is why there is essentially a "master switch" - CONTROL - and a "detailed switch" - TAKE OWNERSHIP.

    Mike Hotek BlowFrog Software, Inc. http://www.BlowFrogSoftware.com Affordable database tools for SQL Server professionals
    Sunday, August 9, 2009 1:23 PM
  • This is a good question that I don't remember answering before in all the detail it deserves, so here's a lengthier answer around these topics:
    http://blogs.msdn.com/lcris/archive/2009/08/11/basic-sql-server-security-concepts-ownership-control-take-ownership.aspx.

    In a nutshell: ownership means you can do whatever you want with the owned entity. CONTROL is a permission that covers all others, but having CONTROL is not ownership and you can have CONTROL but be denied other permissions. TAKE OWNERSHIP is just a permission that allows one to become the owner of an entity.

    Hope this helps

    This post is provided "AS IS" with no warranties, and confers no rights.
    Tuesday, August 11, 2009 11:44 PM
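
The distinction drawn in the answers above, as an added T-SQL example (not code from the thread or from either poster). It assumes a scratch database and a connection that is a member of db_owner; the user names `ctl_user` and `own_user` and the table `dbo.PermDemo` are constructed for the demonstration.

```sql
-- Added example: CONTROL vs. TAKE OWNERSHIP vs. ownership on a single table.
-- All names are constructed; run in a scratch database as a db_owner member.
CREATE USER ctl_user WITHOUT LOGIN;   -- will hold CONTROL on the table
CREATE USER own_user WITHOUT LOGIN;   -- will hold only TAKE OWNERSHIP
CREATE TABLE dbo.PermDemo (id int NOT NULL);

-- 1) CONTROL covers the other permissions on the table, yet a DENY still applies.
GRANT CONTROL ON OBJECT::dbo.PermDemo TO ctl_user;
DENY  SELECT  ON OBJECT::dbo.PermDemo TO ctl_user;

EXECUTE AS USER = 'ctl_user';
SELECT HAS_PERMS_BY_NAME('dbo.PermDemo', 'OBJECT', 'INSERT') AS ctl_can_insert,
       HAS_PERMS_BY_NAME('dbo.PermDemo', 'OBJECT', 'SELECT') AS ctl_can_select;
REVERT;

-- 2) TAKE OWNERSHIP is only the right to become owner; compare the effective
--    SELECT permission before and after own_user claims the table.
GRANT TAKE OWNERSHIP ON OBJECT::dbo.PermDemo TO own_user;

EXECUTE AS USER = 'own_user';
SELECT HAS_PERMS_BY_NAME('dbo.PermDemo', 'OBJECT', 'SELECT') AS own_can_select_before;
ALTER AUTHORIZATION ON OBJECT::dbo.PermDemo TO own_user;
SELECT HAS_PERMS_BY_NAME('dbo.PermDemo', 'OBJECT', 'SELECT') AS own_can_select_after;
REVERT;

-- 3) Audit view: who owns the table now. principal_id is NULL while an object
--    is still owned implicitly by its schema owner.
SELECT o.name,
       o.principal_id AS explicit_owner_id,
       USER_NAME(CAST(OBJECTPROPERTY(o.object_id, 'OwnerId') AS int)) AS effective_owner
FROM sys.objects AS o
WHERE o.object_id = OBJECT_ID('dbo.PermDemo');

-- 4) Audit view: every CONTROL or TAKE OWNERSHIP grant/deny in this database.
SELECT pr.name AS grantee, pe.class_desc, pe.major_id,
       pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name IN ('CONTROL', 'TAKE OWNERSHIP');

-- Cleanup: drop the table first, because a user that owns objects cannot be dropped.
DROP TABLE dbo.PermDemo;
DROP USER own_user;
DROP USER ctl_user;
```

Queries 3 and 4 are the ones to keep for a permissions review: explicit object owners and CONTROL or TAKE OWNERSHIP grants are both routes to full authority over an object that a listing of role membership alone does not show.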
