Error Message:
Msg 4613, Level 16, State 1, Line 2
Grantor does not have GRANT permission.
Severity level:
16.
Description:
This error message appears when you try to grant permissions without having the permission yourself to grant these permissions.
Consequences:
The T-SQL statement can be parsed, but causes the error at runtime.
Resolution:
Errors of the Severity Level 16 are generated by the user and can be fixed by the SQL Server user. The statement cannot be executed this way. You can only grant those permissions to others that you are yourself granted to give.
Versions:
All versions of SQL Server.
Example(s):
USE Master;
GO
DROP LOGIN MyUserA;
DROP LOGIN MyUserB;
GO
CREATE LOGIN MyUserA
WITH PASSWORD = ‘abc’;
CREATE LOGIN MyUserB
WITH PASSWORD = ‘def’;
–USE Northwind;
DROP USER MyUserA;
DROP USER MyUserB
CREATE USER MyUserA FOR LOGIN MyUserA
WITH DEFAULT_SCHEMA = dbo;
CREATE USER MyUserB FOR LOGIN MyUserB
WITH DEFAULT_SCHEMA = dbo;
GO
SETUSER ‘MyUserA’
GO
USE Master;
GRANT CREATE DATABASE TO MyUserB;
SETUSER;USE Master;
GO
DROP LOGIN MyUserA;
DROP LOGIN MyUserB;
GO
CREATE LOGIN MyUserA
WITH PASSWORD = ‘abc’;
CREATE LOGIN MyUserB
WITH PASSWORD = ‘def’;
–USE Northwind;
DROP USER MyUserA;
DROP USER MyUserB
CREATE USER MyUserA FOR LOGIN MyUserA
WITH DEFAULT_SCHEMA = dbo;
CREATE USER MyUserB FOR LOGIN MyUserB
WITH DEFAULT_SCHEMA = dbo;
GO
SETUSER ‘MyUserA’
GO
USE Master;
GRANT CREATE DATABASE TO MyUserB;
SETUSER;
Remarks:
In the above example we create two logins and users in the master database. Then we switch the security context to the MyUserA. Within this context we try to grant CREATE DATABASE permission to MyUserB without having the permission to grant this permission. This raises the error.