I am currently using SQL Server 2019 Developer edition and facing an issue with changing passwords. I have a login that holds the CONTROL SERVER permission but has been denied ALTER ANY LOGIN permission.
When the user attempts to change their own password using the following command:
use master
alter login USERNAME WITH PASSWORD = 'newpassword789' OLD_PASSWORD = 'oldpassword123'
An error occurs:
Cannot alter the login ‘USERNAME’, because it does not exist or you do not have permission.
Interestingly, when I remove the denial on ALTER ANY LOGIN, the password change goes smoothly. Yet, I want to maintain the denial for security reasons.
According to Microsoft’s documentation, it seems that having the ALTER ANY LOGIN permission should not be necessary when changing one’s own password with the OLD_PASSWORD clause.
What might be causing this permission error?