Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Permissions needed for Commvault Windows acount for backup Expand / Collapse
Author
Message
Posted Monday, August 2, 2010 3:59 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Tuesday, September 14, 2010 8:24 PM
Points: 1, Visits: 10
Recently joined an org that uses Commvault for SQL backups. The IT team says that Commvault needs to be in the sysadmin role to back up SQL databases. Does any one have experience of this and know exactly what permissions the Windows account needs in MSSQL to do backup and restore ?

I added the Windows account created for back ups as a login to the SQL instance. It is only in public Role. Then I added the login as a user to the Database to test backup process. Then I gave the user db_backupoperator role.

Commvault gives the following error :
Description: Error encountered during backup. Error: [ERROR: [Microsoft][ODBC SQL Server Driver][SQL Server]The login has insufficient authority. Membership of the sysadmin role is required to use VIRTUAL_DEVICE with BACKUP or RESTORE. [Microsoft][ODBC SQL Server Driver][SQL Server]BACKUP DATABASE is terminating abnormally. ]

Am I alone in thinking that is is absolutely ridiculous that it claims it needs the sysadmin role ? I have never used Commvault, only the native SQL tools. The argument here is that Commvault gives centralized control and compression. I am using MSSQL 2008, so I can argue that compression is no longer a disadvantage using native tools.

The problem as I see it is that it creates a massive security issue. The organization wants the IT team to control backups. But I do not want to give them a user the has control and access to every Database. Some of the information we have is very sensitive, and there have been breaches in the past where info (payroll salary info) has been publicized. Part of brief is to tighten up security around the Databases.

Does any one have any advice before I throw my toys about Commvault ? Maybe it can work without sysadmin but different permissions from those I have given ?
Post #962510
Posted Friday, January 24, 2014 5:52 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Wednesday, September 17, 2014 10:38 AM
Points: 1, Visits: 17
I know this is an old thread.....

I am in the same situation as you are. I was wondering if you found a reasonable solution to this issue.

Thanks
Post #1534450
Posted Friday, January 24, 2014 8:04 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 1:48 AM
Points: 5,367, Visits: 9,915
I remember once having a conversation with the support team of another vendor of third-party backup software, and resigning myself to the fact that I was going to have to use a sysadmin login. No problem - the jobs ran under the SQL Server Agent account, which was sysadmin. The issue you have is that other teams want to take responsibility for your database backups. You should push back on that if you can - you are the DBA and you know best of anybody when, how and how often to back up your databases.

John
Post #1534501
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse