Sep 02
It is common that vendors ask for permission to create databases (or they applications need) on your servers and most of DBAs I have seen immediately grant them dbCreator server role. But they are not aware that members of that role are able to DROP/ALTER any databases on the entire server regardless of whether or not you even have a user account in the database.Did you really want that??
The right approach is to grant CREATE ANY DATABASE permission and then the user is able to DROP/ALTER he/she owns.
