Members of the securityadmin fixed server role manage logins and their properties. They can GRANT, DENY, and REVOKE server-level permissions. They can also GRANT, DENY, and REVOKE database-level permissions. Additionally, they can reset passwords for SQL Server logins.
ConceptsPermissions of Fixed Server Roles
Other Resourcessp_helpsrvrole (Transact-SQL)
Security Considerations for Databases and Database Applications