Fixed server role required for Object creation in sys databases?

SQLServerCentral is supported by Red Gate Software Ltd.

Popular Topics

Home

Members

Calendar

Who's On

Home » SQL Server 2005 » Administering » Fixed server role required for Object...

Fixed server role required for Object creation in sys databases?

Rate Topic

Display Mode

Topic Options

Author

Message

ZeeAtl

Posted Thursday, February 11, 2010 3:02 PM

Valued Member

Group: General Forum Members
Last Login: Saturday, June 23, 2012 9:48 AM
Points: 59, Visits: 259

What Fixed server role required for Object creation in sys databases?

Does login/connected user have to be db_owner, dbo or sysadmin [server role]?

I'm trying to downgrade privileges for application owners that are doing admin and configuration to SQL databases through app UI. Some of these apps through these users connections are creating objects in tempdb (e.g. User Defined Table).

Thanks,

Zee

Post #864352

GilaMonster

Posted Friday, February 12, 2010 2:07 AM

SSC-Dedicated

Group: General Forum Members
Last Login: Today @ 3:07 PM
Points: 37,687, Visits: 29,946

ZeeAtl (2/11/2010)[hrSome of these apps through these users connections are creating objects in tempdb (e.g. User Defined Table).

Why? In general stuff like that is a bad idea with lots of support nightmares. Remember TempDB is completely recreated whenever SQL starts. Anything (tables, permissions, etc) in there is dropped.

Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #864496

ZeeAtl

Posted Friday, February 12, 2010 6:15 AM

Valued Member

Group: General Forum Members
Last Login: Saturday, June 23, 2012 9:48 AM
Points: 59, Visits: 259

I have no control over it. It is simply an operation that is executed with certain application activities. I'm not sure what the final result is.

My question is whether with these "black-box" behind the scenes operations going on, does that account connecting to SQL Server need to be sysadmin to have privileges to do this?

In essence, can a non-Sysadmin, non-DBO, or non-db_owner role member create objects in the system databases? I would assume not, but I'm unsure.

Thanks.

Post #864570

Shriji

Posted Friday, February 12, 2010 7:08 AM

Valued Member

Group: General Forum Members
Last Login: Tuesday, May 14, 2013 11:55 AM
Points: 65, Visits: 308

No it cannot...

Post #864605

GilaMonster

Posted Friday, February 12, 2010 7:18 AM

SSC-Dedicated

Group: General Forum Members
Last Login: Today @ 3:07 PM
Points: 37,687, Visits: 29,946

ZeeAtl (2/12/2010)

In essence, can a non-Sysadmin, non-DBO, or non-db_owner role member create objects in the system databases?

Yes. Ddl_admin is more than sufficient.

Do note that TempDB is recreated completely on every start and hence all user permissions and tables will disappear. You need a way to put the permissions (and any necessary tables) back after a restart. Not trivial.

Is this 'operation' something written by in-house developers or is it a 3rd part vendor?

Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #864614

ZeeAtl

Posted Friday, February 12, 2010 11:16 AM

Valued Member

Group: General Forum Members
Last Login: Saturday, June 23, 2012 9:48 AM
Points: 59, Visits: 259

Third party application. I have no idea what the app is doing. It is hitting TempDB more than infrequently though.

Thx,

Zee

Post #864802

« Prev Topic | Next Topic »

Permissions