Restricting SecurityAdmin on SQL Server 2005/2008

SQLServerCentral is supported by Red Gate Software Ltd.

Popular Topics

Home

Members

Calendar

Who's On

Home » Article Discussions » Article Discussions by Author » Discuss Content Posted by Brian Kelley » Restricting SecurityAdmin on SQL Server...

13 posts, Page 2 of 2

««1 2

Restricting SecurityAdmin on SQL Server 2005/2008

Rate Topic

Display Mode

Topic Options

Author

Message

ebenraja

Posted Sunday, September 05, 2010 2:59 AM

SSC Rookie

Group: General Forum Members
Last Login: Friday, December 14, 2012 3:01 AM
Points: 48, Visits: 234

I am going to lock out my SA per auidit need. Even if i use control server option, i can addd database and remove database, but i am not able to view my SQL server agent jobs.

Is it possible to view my SQL agent jobs for maintenance as a DBA, by using control server option.
Other than impersonating SA , is there any other option
Thanks
Eben

Post #980761

Dirk.Hondong

Posted Wednesday, September 22, 2010 4:51 AM

SSC Journeyman

Group: General Forum Members
Last Login: Yesterday @ 4:40 AM
Points: 95, Visits: 1,087

Hi Brian,

as a follow-up regarding our tweets and to share this information to other users as well (maybe they´re having an idea):

If we have a user who has only the right GRANT ALTER ANY LOGIN, then this user
is able to create a new login but cannot assign this new user to the sysadmin server role.

However, a user with GRANT ALTER ANY LOGIN can drop a user, which is member of the sysadmin server role, although just removing the user from that role doesn´t work.

In my case this is still too much power.
For example: I try to give a user the permission to check if the server-side accounts are properly mapped to database users and in case there´s a missing mapping to a database user, allow him to map the login.

Regards
Dirk

--
May you never suffer the sentiment of spending a day without any purpose.
@DirkHondong on Twitter

Post #991014

Dirk.Hondong

Posted Wednesday, September 22, 2010 5:00 AM

SSC Journeyman

Group: General Forum Members
Last Login: Yesterday @ 4:40 AM
Points: 95, Visits: 1,087

Steve Jones - Editor (9/2/2010)

...

I would love to see a server level role that allowed someone to add a login, and a user for a specific database (s) only. That's the type of permissions that I often want to hand over to another person.

I should have read the other posts closer.

What Steve mentions here is exactly what would be on my mark.

--
May you never suffer the sentiment of spending a day without any purpose.
@DirkHondong on Twitter

Post #991019

« Prev Topic | Next Topic »

13 posts, Page 2 of 2

««1 2

Permissions