<a href="http://g.adspeed.net/ad.php?do=clk&zid=15220&wd=468&ht=60&pair=as" target="_blank"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15220&wd=468&ht=60&pair=as" alt="i" width="468" height="60"/></a>
Log in
::
Register
::
Not logged in
Home
Tags
Articles
Editorials
Stairways
Forums
Scripts
Videos
Blogs
QotD
Books
Ask SSC
SQL Jobs
Training
Authors
About us
Contact us
Newsletters
Write for us
<a href="http://g.adspeed.net/ad.php?do=clk&zid=15491&wd=120&ht=300&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15491&wd=120&ht=300&pair=as" alt="i" width="120" height="300"/></a>
Recent Posts
Recent Posts
Popular Topics
Popular Topics
Home
Search
Members
Calendar
Who's On
Home
»
SQL Server 2005
»
SQL Server 2005 Security
»
login permissions to run the SQL Server...
login permissions to run the SQL Server Profiler
Rate Topic
Display Mode
Topic Options
Author
Message
Decommissioned_Account_02
Decommissioned_Account_02
Posted Tuesday, October 14, 2008 2:23 PM
SSC Veteran
Group: General Forum Members
Last Login: Thursday, September 13, 2012 7:43 AM
Points: 239,
Visits: 768
Hi,
Is there a way to grant a SQL Server 2005 login permissions to run the SQL Server Profiler without granting the login the Server Role of “sysadmin”?
Thanks,
David
Post #585783
Jack Corbett
Jack Corbett
Posted Tuesday, October 14, 2008 2:35 PM
SSChampion
Group: General Forum Members
Last Login: Friday, May 17, 2013 12:22 PM
Points: 10,571,
Visits: 11,871
You need ALTER TRACE permissions at the server level. Just be aware that this IS a SERVER level permission so any user you grant this to can trace ANY database.
Use master
Go
Grant Alter Trace to Login
Jack Corbett
Applications Developer
Don't let the good be the enemy of the best. --
Paul Fleming
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
How to Post Performance Problems
Crosstabs and Pivots or How to turn rows into columns Part 1
Crosstabs and Pivots or How to turn rows into columns Part 2
Post #585796
Decommissioned_Account_02
Decommissioned_Account_02
Posted Tuesday, October 14, 2008 9:01 PM
SSC Veteran
Group: General Forum Members
Last Login: Thursday, September 13, 2012 7:43 AM
Points: 239,
Visits: 768
Thanks Jack!
Post #585914
mehrdad
mehrdad
Posted Sunday, February 19, 2012 7:22 AM
Forum Newbie
Group: General Forum Members
Last Login: Sunday, February 19, 2012 11:39 PM
Points: 1,
Visits: 14
If you use domain user try following syntax :
Use master
Go
Grant Alter Trace to [Domain\Username]
note: [ ] are important!
mehr
Post #1254430
naga.rohitkumar
naga.rohitkumar
Posted Friday, October 05, 2012 6:11 AM
Mr or Mrs. 500
Group: General Forum Members
Last Login: Yesterday @ 2:42 AM
Points: 525,
Visits: 998
HI jack
other than giving sysadmin or using this script
-------------------------------------
Use master
Go
Grant Alter Trace to Login
-------------------------------------
1.if we give bulkadmin and public in server role and ddladmin,db_datareader,db_datawriter in database role also user can acess the sqlserver profiler on a particular database which they are having access
2. iam usingthis process when a application user asking to give access to run trace by sqlserver profiler
3. Is this correct or not ?
4. if it is correct is it safe
Thanks & Regards
NAGA.ROHITKUMAR
Post #1368966
Jack Corbett
Jack Corbett
Posted Friday, October 05, 2012 6:54 AM
SSChampion
Group: General Forum Members
Last Login: Friday, May 17, 2013 12:22 PM
Points: 10,571,
Visits: 11,871
naga.rohitkumar (10/5/2012)
HI jack
other than giving sysadmin or using this script
-------------------------------------
Use master
Go
Grant Alter Trace to Login
-------------------------------------
1.if we give bulkadmin and public in server role and ddladmin,db_datareader,db_datawriter in database role also user can acess the sqlserver profiler on a particular database which they are having access
2. iam usingthis process when a application user asking to give access to run trace by sqlserver profiler
3. Is this correct or not ?
4. if it is correct is it safe
Naga,
According to BOL, the only permissions needed to run a trace (Profiler) are ALTER TRACE at the server level. [url=http://msdn.microsoft.com/en-us/library/ms187611.aspx][/url]
Jack Corbett
Applications Developer
Don't let the good be the enemy of the best. --
Paul Fleming
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
How to Post Performance Problems
Crosstabs and Pivots or How to turn rows into columns Part 1
Crosstabs and Pivots or How to turn rows into columns Part 2
Post #1369001
naga.rohitkumar
naga.rohitkumar
Posted Friday, October 05, 2012 10:16 PM
Mr or Mrs. 500
Group: General Forum Members
Last Login: Yesterday @ 2:42 AM
Points: 525,
Visits: 998
ya i too agree with u ALTER TRACE
but if we use default master the user can able to have access on all databases know
i mean it for running a profiler only to one or seleted databases
Thanks & Regards
NAGA.ROHITKUMAR
Post #1369380
Jeff Moden
Jeff Moden
Posted Saturday, October 06, 2012 10:20 AM
SSC-Dedicated
Group: General Forum Members
Last Login: Yesterday @ 5:33 PM
Points: 32,902,
Visits: 26,783
naga.rohitkumar (10/5/2012)
ya i too agree with u ALTER TRACE
but if we use default master the user can able to have access on all databases know
i mean it for running a profiler only to one or seleted databases
Based on that, I have to ask... Why do you want to give a "user" privs to run SQL Profiler? Unless they have the ability to create a Server Side Trace (and I personally believe that no user should have that level of privs), a user could easily cripple the server by creating a client side trace.
To wit, I believe that no user should have more than PUBLIC privs on production databases and their access should be limited to only what they can return using a stored procedure that they've been given EXECUTE privs on.
--Jeff Moden
"
RBAR
is pronounced "ree-bar" and is a "Modenism" for "
R
ow-
B
y-
A
gonizing-
R
ow".
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column."
For better, quicker answers on T-SQL questions, click on the following...
http://www.sqlservercentral.com/articles/Best+Practices/61537/
For better answers on performance questions, click on the following...
http://www.sqlservercentral.com/articles/SQLServerCentral/66909/
Post #1369447
Jack Corbett
Jack Corbett
Posted Monday, October 08, 2012 7:35 AM
SSChampion
Group: General Forum Members
Last Login: Friday, May 17, 2013 12:22 PM
Points: 10,571,
Visits: 11,871
naga.rohitkumar (10/5/2012)
ya i too agree with u ALTER TRACE
but if we use default master the user can able to have access on all databases know
i mean it for running a profiler only to one or seleted databases
This is not possible. A user must have ALTER TRACE permissions to run Profiler/Trace and this is a server level permission NOT a database level permission. Trace is designed to be used by DBA's for auditing and troubleshooting, it is NOT designed for regular user use.
As Jeff has said, "a user could easily cripple the server by creating a client side trace."
There are options that would allow you to make trace data available to users and even to allow users to start and stop and trace designed by you (not that I'm saying that this is a great option either).
You could setup a server side trace that filters on the specific database and put that script in a stored procedure that is certificate signed and allow users to run that stored procedure that creates and starts the trace (I'd put in controls that only allow this trace to be created once). Then have another signed procedure that calls fn_trace_gettable() to query the trace files.
Another option would be to have a server-side trace that you define and have running (not necessarily the best idea either), then have a process that asynchronously copies the trace data to a table and grant rights to that table.
Neither of those options are ideal, as traces do have impact on server performance, but both are better than just granting ALTER TRACE To users.
Jack Corbett
Applications Developer
Don't let the good be the enemy of the best. --
Paul Fleming
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
How to Post Performance Problems
Crosstabs and Pivots or How to turn rows into columns Part 1
Crosstabs and Pivots or How to turn rows into columns Part 2
Post #1369810
« Prev Topic
|
Next Topic »
Permissions
You
cannot
post new topics.
You
cannot
post topic replies.
You
cannot
post new polls.
You
cannot
post replies to polls.
You
cannot
edit your own topics.
You
cannot
delete your own topics.
You
cannot
edit other topics.
You
cannot
delete other topics.
You
cannot
edit your own posts.
You
cannot
edit other posts.
You
cannot
delete your own posts.
You
cannot
delete other posts.
You
cannot
post events.
You
cannot
edit your own events.
You
cannot
edit other events.
You
cannot
delete your own events.
You
cannot
delete other events.
You
cannot
send private messages.
You
cannot
send emails.
You
may
read topics.
You
cannot
rate topics.
You
cannot
vote within polls.
You
cannot
upload attachments.
You
may
download attachments.
You
cannot
post HTML code.
You
cannot
edit HTML code.
You
cannot
post IFCode.
You
cannot
post JavaScript.
You
cannot
post EmotIcons.
You
cannot
post or upload images.
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved.
Privacy Policy.
Terms of Use.
Report Abuse.
