Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase ««12

Restricting SecurityAdmin on SQL Server 2005/2008 Expand / Collapse
Author
Message
Posted Sunday, September 5, 2010 2:59 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Friday, April 11, 2014 2:17 AM
Points: 48, Visits: 240
I am going to lock out my SA per auidit need. Even if i use control server option, i can addd database and remove database, but i am not able to view my SQL server agent jobs.

Is it possible to view my SQL agent jobs for maintenance as a DBA, by using control server option.
Other than impersonating SA , is there any other option
Thanks
Eben
Post #980761
Posted Wednesday, September 22, 2010 4:51 AM


SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Tuesday, July 15, 2014 1:06 PM
Points: 95, Visits: 1,137
Hi Brian,

as a follow-up regarding our tweets and to share this information to other users as well (maybe they´re having an idea):

If we have a user who has only the right GRANT ALTER ANY LOGIN, then this user
is able to create a new login but cannot assign this new user to the sysadmin server role.

However, a user with GRANT ALTER ANY LOGIN can drop a user, which is member of the sysadmin server role, although just removing the user from that role doesn´t work.

In my case this is still too much power.
For example: I try to give a user the permission to check if the server-side accounts are properly mapped to database users and in case there´s a missing mapping to a database user, allow him to map the login.

Regards
Dirk


--
May you never suffer the sentiment of spending a day without any purpose.
@DirkHondong on Twitter
Post #991014
Posted Wednesday, September 22, 2010 5:00 AM


SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Tuesday, July 15, 2014 1:06 PM
Points: 95, Visits: 1,137
Steve Jones - Editor (9/2/2010)
...

I would love to see a server level role that allowed someone to add a login, and a user for a specific database (s) only. That's the type of permissions that I often want to hand over to another person.


I should have read the other posts closer.

What Steve mentions here is exactly what would be on my mark.


--
May you never suffer the sentiment of spending a day without any purpose.
@DirkHondong on Twitter
Post #991019
« Prev Topic | Next Topic »

Add to briefcase ««12

Permissions Expand / Collapse