Junior DBA and Data Access

  • Hi all

    Has anyone implemented an RBAC model ti restrict Junior DBAs access to view data while at the same time allowing them to perform administration tasks?  I suppose my first question is what kinds of tasks could they do without being able to view data.  I understand encryption would be the ideal scenario here, but at present that is not possible.Some of the things I have thought of that they could do with the appropriate controls in place would be:

    Performance tuning using DMVs, profier etc - what I am unclear of however is if this give them access to view data
    High level troubleshooting - viewing error logs etc
    Writing reports for compliance purposes.

    Any and all comments welcome.
    Thanks

  • I don't know about the RBAC, but, if someone can view the DMVs, they can see parameter values passed for queries that are ad hoc. That can be a violation of certain types of security.

    "The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
    - Theodore Roosevelt

    Author of:
    SQL Server Execution Plans
    SQL Server Query Performance Tuning

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply