Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Fixed server role required for Object creation in sys databases? Expand / Collapse
Author
Message
Posted Thursday, February 11, 2010 3:02 PM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Saturday, June 23, 2012 9:48 AM
Points: 59, Visits: 259
What Fixed server role required for Object creation in sys databases?

Does login/connected user have to be db_owner, dbo or sysadmin [server role]?

I'm trying to downgrade privileges for application owners that are doing admin and configuration to SQL databases through app UI. Some of these apps through these users connections are creating objects in tempdb (e.g. User Defined Table).

Thanks,

Zee
Post #864352
Posted Friday, February 12, 2010 2:07 AM


SSC-Forever

SSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-Forever

Group: General Forum Members
Last Login: Today @ 4:58 PM
Points: 42,466, Visits: 35,532
ZeeAtl (2/11/2010)[hrSome of these apps through these users connections are creating objects in tempdb (e.g. User Defined Table).


Why? In general stuff like that is a bad idea with lots of support nightmares. Remember TempDB is completely recreated whenever SQL starts. Anything (tables, permissions, etc) in there is dropped.



Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #864496
Posted Friday, February 12, 2010 6:15 AM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Saturday, June 23, 2012 9:48 AM
Points: 59, Visits: 259
I have no control over it. It is simply an operation that is executed with certain application activities. I'm not sure what the final result is.

My question is whether with these "black-box" behind the scenes operations going on, does that account connecting to SQL Server need to be sysadmin to have privileges to do this?

In essence, can a non-Sysadmin, non-DBO, or non-db_owner role member create objects in the system databases? I would assume not, but I'm unsure.

Thanks.
Post #864570
Posted Friday, February 12, 2010 7:08 AM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Tuesday, June 18, 2013 6:35 AM
Points: 65, Visits: 312
No it cannot...
Post #864605
Posted Friday, February 12, 2010 7:18 AM


SSC-Forever

SSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-Forever

Group: General Forum Members
Last Login: Today @ 4:58 PM
Points: 42,466, Visits: 35,532
ZeeAtl (2/12/2010)
In essence, can a non-Sysadmin, non-DBO, or non-db_owner role member create objects in the system databases?


Yes. Ddl_admin is more than sufficient.

Do note that TempDB is recreated completely on every start and hence all user permissions and tables will disappear. You need a way to put the permissions (and any necessary tables) back after a restart. Not trivial.

Is this 'operation' something written by in-house developers or is it a 3rd part vendor?



Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #864614
Posted Friday, February 12, 2010 11:16 AM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Saturday, June 23, 2012 9:48 AM
Points: 59, Visits: 259
Third party application. I have no idea what the app is doing. It is hitting TempDB more than infrequently though.

Thx,

Zee
Post #864802
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse