Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

login permissions to run the SQL Server Profiler Expand / Collapse
Author
Message
Posted Tuesday, October 14, 2008 2:23 PM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Thursday, September 13, 2012 7:43 AM
Points: 239, Visits: 768
Hi,

Is there a way to grant a SQL Server 2005 login permissions to run the SQL Server Profiler without granting the login the Server Role of “sysadmin”?

Thanks,
David
Post #585783
Posted Tuesday, October 14, 2008 2:35 PM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Today @ 9:17 AM
Points: 10,911, Visits: 12,554
You need ALTER TRACE permissions at the server level. Just be aware that this IS a SERVER level permission so any user you grant this to can trace ANY database.

Use master
Go
Grant Alter Trace to Login





Jack Corbett

Applications Developer

Don't let the good be the enemy of the best. -- Paul Fleming

Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
How to Post Performance Problems
Crosstabs and Pivots or How to turn rows into columns Part 1
Crosstabs and Pivots or How to turn rows into columns Part 2
Post #585796
Posted Tuesday, October 14, 2008 9:01 PM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Thursday, September 13, 2012 7:43 AM
Points: 239, Visits: 768
Thanks Jack!
Post #585914
Posted Sunday, February 19, 2012 7:22 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Sunday, February 19, 2012 11:39 PM
Points: 1, Visits: 14
If you use domain user try following syntax :

Use master
Go
Grant Alter Trace to [Domain\Username]

note: [ ] are important!



mehr
Post #1254430
Posted Friday, October 05, 2012 6:11 AM
Mr or Mrs. 500

Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500

Group: General Forum Members
Last Login: Saturday, December 21, 2013 10:30 AM
Points: 549, Visits: 1,177
HI jack

other than giving sysadmin or using this script

-------------------------------------
Use master
Go
Grant Alter Trace to Login
-------------------------------------

1.if we give bulkadmin and public in server role and ddladmin,db_datareader,db_datawriter in database role also user can acess the sqlserver profiler on a particular database which they are having access

2. iam usingthis process when a application user asking to give access to run trace by sqlserver profiler
3. Is this correct or not ?
4. if it is correct is it safe


Thanks & Regards
NAGA.ROHITKUMAR
Post #1368966
Posted Friday, October 05, 2012 6:54 AM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Today @ 9:17 AM
Points: 10,911, Visits: 12,554
naga.rohitkumar (10/5/2012)
HI jack

other than giving sysadmin or using this script

-------------------------------------
Use master
Go
Grant Alter Trace to Login
-------------------------------------

1.if we give bulkadmin and public in server role and ddladmin,db_datareader,db_datawriter in database role also user can acess the sqlserver profiler on a particular database which they are having access

2. iam usingthis process when a application user asking to give access to run trace by sqlserver profiler
3. Is this correct or not ?
4. if it is correct is it safe


Naga,

According to BOL, the only permissions needed to run a trace (Profiler) are ALTER TRACE at the server level. [url=http://msdn.microsoft.com/en-us/library/ms187611.aspx][/url]




Jack Corbett

Applications Developer

Don't let the good be the enemy of the best. -- Paul Fleming

Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
How to Post Performance Problems
Crosstabs and Pivots or How to turn rows into columns Part 1
Crosstabs and Pivots or How to turn rows into columns Part 2
Post #1369001
Posted Friday, October 05, 2012 10:16 PM
Mr or Mrs. 500

Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500

Group: General Forum Members
Last Login: Saturday, December 21, 2013 10:30 AM
Points: 549, Visits: 1,177
ya i too agree with u ALTER TRACE
but if we use default master the user can able to have access on all databases know

i mean it for running a profiler only to one or seleted databases


Thanks & Regards
NAGA.ROHITKUMAR
Post #1369380
Posted Saturday, October 06, 2012 10:20 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: General Forum Members
Last Login: Today @ 5:02 PM
Points: 36,016, Visits: 30,307
naga.rohitkumar (10/5/2012)
ya i too agree with u ALTER TRACE
but if we use default master the user can able to have access on all databases know

i mean it for running a profiler only to one or seleted databases


Based on that, I have to ask... Why do you want to give a "user" privs to run SQL Profiler? Unless they have the ability to create a Server Side Trace (and I personally believe that no user should have that level of privs), a user could easily cripple the server by creating a client side trace.

To wit, I believe that no user should have more than PUBLIC privs on production databases and their access should be limited to only what they can return using a stored procedure that they've been given EXECUTE privs on.


--Jeff Moden
"RBAR is pronounced "ree-bar" and is a "Modenism" for "Row-By-Agonizing-Row".

First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column."

"Change is inevitable. Change for the better is not." -- 04 August 2013
(play on words) "Just because you CAN do something in T-SQL, doesn't mean you SHOULDN'T." --22 Aug 2013

Helpful Links:
How to post code problems
How to post performance problems
Post #1369447
Posted Monday, October 08, 2012 7:35 AM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Today @ 9:17 AM
Points: 10,911, Visits: 12,554
naga.rohitkumar (10/5/2012)
ya i too agree with u ALTER TRACE
but if we use default master the user can able to have access on all databases know

i mean it for running a profiler only to one or seleted databases


This is not possible. A user must have ALTER TRACE permissions to run Profiler/Trace and this is a server level permission NOT a database level permission. Trace is designed to be used by DBA's for auditing and troubleshooting, it is NOT designed for regular user use.

As Jeff has said, "a user could easily cripple the server by creating a client side trace."

There are options that would allow you to make trace data available to users and even to allow users to start and stop and trace designed by you (not that I'm saying that this is a great option either).

You could setup a server side trace that filters on the specific database and put that script in a stored procedure that is certificate signed and allow users to run that stored procedure that creates and starts the trace (I'd put in controls that only allow this trace to be created once). Then have another signed procedure that calls fn_trace_gettable() to query the trace files.

Another option would be to have a server-side trace that you define and have running (not necessarily the best idea either), then have a process that asynchronously copies the trace data to a table and grant rights to that table.

Neither of those options are ideal, as traces do have impact on server performance, but both are better than just granting ALTER TRACE To users.







Jack Corbett

Applications Developer

Don't let the good be the enemy of the best. -- Paul Fleming

Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
How to Post Performance Problems
Crosstabs and Pivots or How to turn rows into columns Part 1
Crosstabs and Pivots or How to turn rows into columns Part 2
Post #1369810
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse