Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase ««1234»»»

PBM Alert Expand / Collapse
Author
Message
Posted Friday, July 22, 2011 6:38 AM


Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Thursday, January 24, 2013 9:59 PM
Points: 1,354, Visits: 1,299
calvo (7/22/2011)
cengland0 (7/22/2011)
Hey, wait a second. According to:

http://technet.microsoft.com/en-us/library/bb510667.aspx

Administering Policy-Based Management requires membership in the PolicyAdministratorRole role in the msdb database. This role has complete control of all policies on the system. This control includes creating and editing policies and conditions and enabling and disabling policies.

So tell me why did I get it wrong?

He mentions testing the alert before pushing to production which indicates an on-demand test. Reading further in the link you'll see
"Alert security:

When policies are evaluated on demand, they execute in the security context of the user. To write to the error log, the user must have ALTER TRACE permissions or be a member of the sysadmin fixed server role. Policies that are evaluated by a user that has less privileges will not write to the event log, and will not fire an alert."

Although sysadmin will work, it's not the minimum permission

Thanks for the great explanation. That means I legitimately missed the question this time. Dang.
Post #1146597
Posted Friday, July 22, 2011 6:55 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Tuesday, November 11, 2014 3:26 PM
Points: 305, Visits: 237
Richard Warr (7/22/2011)
No, not everybody

But, if you've been following the discussions on some recent questions you'll note that some people take the prospect of a point very seriously.

I think the honourable approach is to try and answer the question straight away then, especially if you get it wrong. read the given reference and learn something.

But that's just me - people are free to approach the scenario as best suits them. Invariably nobody gets hurt.


You might be correct Richard, but since one of the aims of QOTD is to brag about your points (as the email says), then, new joiners like me with infinitesimally small points compared to others would want to climb up the Hall of Fame pretty quickly!

Show some mercy
Post #1146608
Posted Friday, July 22, 2011 7:05 AM


Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Tuesday, September 30, 2014 7:42 AM
Points: 3,688, Visits: 72,435
Richard Warr (7/22/2011)
No, not everybody

But, if you've been following the discussions on some recent questions you'll note that some people take the prospect of a point very seriously.

I think the honourable approach is to try and answer the question straight away then, especially if you get it wrong. read the given reference and learn something.

But that's just me - people are free to approach the scenario as best suits them. Invariably nobody gets hurt.


My points are important. For me it's
1. Take my best guess as to what the answer is
2. Then try to find the answer and see if I'm correct. If I can't find it quickly enough, I stick with my gut instinct. In this case I was wrong. I suspected it was eitehr ALTER TRACE or must be sysadmin. Because of what policies are about, I went with SA required to test them as I figured that they could be created, but only SA's could actually deploy/test them. I was wrong, I still learned something.




--Mark Tassin
MCITP - SQL Server DBA
Proud member of the Anti-RBAR alliance.
For help with Performance click this link
For tips on how to post your problems
Post #1146613
Posted Friday, July 22, 2011 7:14 AM


Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Wednesday, December 10, 2014 10:49 AM
Points: 1,194, Visits: 791
i was not thinking about the least previlages and selected the sysadmin role. thanks for the good question.
Post #1146619
Posted Friday, July 22, 2011 7:43 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Thursday, January 31, 2013 8:01 AM
Points: 1,228, Visits: 1,046
Nice Question! Thank YOU!!!
I must admit that at first read I was worried. I got that bad question vibe.
Then I read this part "You are able to create the policies."
That is the KEY to the right answer.
If you can create the policies, but the alerts are not firing the only thing that can be missing is the Alter Trace permission.

Have a good weekend!
Post #1146638
Posted Friday, July 22, 2011 7:43 AM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Today @ 10:51 AM
Points: 1,639, Visits: 1,986
Execute as user is made up? It actually does exist but my guess was that it couldn't be used when executing policies.

BOL reference:
Execute As (Transact-SQL)
Post #1146639
Posted Friday, July 22, 2011 7:47 AM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Today @ 10:51 AM
Points: 1,639, Visits: 1,986
Shark Energy (7/22/2011)
Am I doing this wrong? (QotD) Even if its a subject I don't know about I try and come up with an answer as its a test of my knowledge. I don't look up the answers beforehand.

Does everyone else treat them like a real life scenario at work where you books online anything you dont know?


I using it as a learning opportunity. If it's something I think I know or be able to figure out from what I know I'll just answer. If I don't I'll either do research since I learn better that way than getting it put right in front of me or guess depending on my mood and the question.
Post #1146640
Posted Friday, July 22, 2011 7:54 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Thursday, January 31, 2013 8:01 AM
Points: 1,228, Visits: 1,046
crafdenberg (7/22/2011)
Execute as user is made up? It actually does exist but my guess was that it couldn't be used when executing policies.

BOL reference:
Execute As (Transact-SQL)


Uh Oh... maybe I spoke to soon. I totaly missed the explination saying this was made up.
"Execute As" is definately a real thing!
"Execute As" is also definately not a permission!

You might be able to use this to test the Policy Alert if the User supplied has the ALTER TRACE permission. I realy have no way to test at this time....
Did you try this crafdenberg? If you can post some working script it would prove your point, but it would not make this command a permission.
Post #1146643
Posted Friday, July 22, 2011 7:58 AM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Today @ 10:51 AM
Points: 1,639, Visits: 1,986
We don't use policies to manage SQL yet. I'm planning on testing it out and see if it's something we want to pursue but don't have time to do it right now.
Post #1146646
Posted Friday, July 22, 2011 8:32 AM
Mr or Mrs. 500

Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500

Group: General Forum Members
Last Login: Monday, October 27, 2014 1:17 AM
Points: 549, Visits: 1,017
cengland0 (7/22/2011)
Hey, wait a second. According to:

http://technet.microsoft.com/en-us/library/bb510667.aspx

Administering Policy-Based Management requires membership in the PolicyAdministratorRole role in the msdb database. This role has complete control of all policies on the system. This control includes creating and editing policies and conditions and enabling and disabling policies.

So tell me why did I get it wrong?


As well as the decent explanation you've already been given, the option in the question was actually PolicyAdministrator rather than the correct role name of PolicyAdministratorRole
Post #1146687
« Prev Topic | Next Topic »

Add to briefcase ««1234»»»

Permissions Expand / Collapse