Click here to monitor SSC
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in
Home       Members    Calendar    Who's On

Add to briefcase

TFS Database Enviornment - Best Practice for Access Rights to Instance Expand / Collapse
Posted Tuesday, April 16, 2013 6:14 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Tuesday, November 29, 2016 2:30 PM
Points: 28, Visits: 667
I’ve been tasked to move our TFS databases from the SQLExpress our developers implemented, to SQL 2008 Enterprise. Our developers are planning on retaining complete control over the TFS application server.

My concerns are the requirements that the TFS Services, and by extension our developers, require sysadmin rights to the instance where the TFS databases are stored, “Required Permissions .... member of the sysadmin security group for the database instance for Team Foundation …”. This is based on the Microsoft document “Move from a Single-Server to a Dual-Server Deployment” (

I have also reviewed a blog from Brian Harry ( that discusses fewer access rights, but still elevated (member of serveradmin role, alter any login, CONTROL on the master database.

Implementing the TFS databases in this manor goes against the Principle of Least Privilege as I understand it.

Are there any suggestions for best practices in implementing a TFS database environment, while limiting SQL instance privileges to the minimum required for TFS to function?


Post #1442702
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse