Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 General SQL Server Forums
 New to SQL Server Administration
 What Login, roles and permissions do I need

Author  Topic 

jarthda
Starting Member

10 Posts

Posted - 2013-02-20 : 17:55:09
I'm a beginning DBA being asked to document things such as login user security mappings, jobs and schedules, DB names/filegroups/files users and their DB mappings... basically all things DBA. I would like to learn what are the minimal server roles and permissions I need to do this? I assume I can use Managment consule to view this information if I can read the system tables?
I'd like to propose a login strategy which ensures I can report on the production databases from a DBA standpoint but NOT be able to read/write/delete production data. What login strategy should I suggest to the team?
Thank you

Jarthda
Embarcadero/SQL Server/and now... Informatica

srimami
Posting Yak Master

160 Posts

Posted - 2013-02-20 : 19:57:27
You need db_reader to know the details but requires db_owner to maintain database permission levelss. If you are the DBA, you need to have sysadmin roles to perform allmthe actions.
Go to Top of Page

jarthda
Starting Member

10 Posts

Posted - 2013-02-21 : 12:30:26
Thanks srimami, I'm charged with REPORTING only. By reporting, I mean reporting on how the previous DBA's have set things up. To protect myself, I want no ability to maintain databases or the server. THIS IS IMPORTANT.. I'm looking for a create login script which serves as evidence that I can report on DBA configurations (security/jobs/backups/configurations/user mappings and object privilages/linked servers... basically everything. But I'd like to do this WITHOUT being able to change anything or read data.

What I'm looking for is a DBA Audit Role. Does it exist?

Jarthda
Embarcadero/SQL Server/and now... Informatica
Go to Top of Page

Bustaz Kool
Master Smack Fu Yak Hacker

1834 Posts

Posted - 2013-02-22 : 18:29:44
Some of the areas of information can be granted piecemeal (e.g., diskadmin for disk and file information) but since you are reporting on a fuller range of areas, you'll need sysadmin privileges. You'll need these to read as well as change the configuration.

=================================================
There are two kinds of light -- the glow that illuminates, and the glare that obscures. -James Thurber
Go to Top of Page
   

- Advertisement -