SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


How to set/change permissions on server side trace files?


How to set/change permissions on server side trace files?

Author
Message
Eric Mamet
Eric  Mamet
SSChampion
SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)

Group: General Forum Members
Points: 10296 Visits: 1020
I created a couple of "light weight" server side traces but the files seem created with very unfriendly permissions.
In order to read the file, I need to take ownership, change permissions, or copy the file, all of which is inconvenient.

How can I choose the default permissions on these trace files?
jasona.work
jasona.work
SSC-Forever
SSC-Forever (44K reputation)SSC-Forever (44K reputation)SSC-Forever (44K reputation)SSC-Forever (44K reputation)SSC-Forever (44K reputation)SSC-Forever (44K reputation)SSC-Forever (44K reputation)SSC-Forever (44K reputation)

Group: General Forum Members
Points: 44298 Visits: 16677
Likely the easiest solution would be to set the permissions you need on the parent folder and enable inheritance of the permissions.

BUT depending on where your trace files are going, if there are other files besides the trace in that folder, you could introduce new problems or potential security holes. Your best bet would be to create a dedicated folder for the trace to put its files in, set the permissions and inheritance on that folder, and go.

If you have a security team / person, I'd also suggest checking with them about this, just to play it safe.
Eric Mamet
Eric  Mamet
SSChampion
SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)

Group: General Forum Members
Points: 10296 Visits: 1020
I tried but did not succeed...

my traces are going to a folder Z:\SQLTraces
I disabled inheritance on the folder |:\SQLTraces, then set the permission on it to everyone Read/Execute

Yet, when files are created in there by SQL Server, I have to take ownership one file at a time...

It looks like the files are created with a very strict (lack of) permissions.
Sue_H
Sue_H
SSC Guru
SSC Guru (74K reputation)SSC Guru (74K reputation)SSC Guru (74K reputation)SSC Guru (74K reputation)SSC Guru (74K reputation)SSC Guru (74K reputation)SSC Guru (74K reputation)SSC Guru (74K reputation)

Group: General Forum Members
Points: 74645 Visits: 15266
Eric Mamet - Thursday, May 3, 2018 10:24 AM
I tried but did not succeed...

my traces are going to a folder Z:\SQLTraces
I disabled inheritance on the folder |:\SQLTraces, then set the permission on it to everyone Read/Execute

Yet, when files are created in there by SQL Server, I have to take ownership one file at a time...

It looks like the files are created with a very strict (lack of) permissions.


You would want inheritance enabled so that the files that get created in that folder inherit the same permissions from the folder.

Sue



e4d4
e4d4
SSCarpal Tunnel
SSCarpal Tunnel (4.9K reputation)SSCarpal Tunnel (4.9K reputation)SSCarpal Tunnel (4.9K reputation)SSCarpal Tunnel (4.9K reputation)SSCarpal Tunnel (4.9K reputation)SSCarpal Tunnel (4.9K reputation)SSCarpal Tunnel (4.9K reputation)SSCarpal Tunnel (4.9K reputation)

Group: General Forum Members
Points: 4939 Visits: 2985
No way to set specific permission to trace files, permission for trace files are not inherited from folder, it is the same behaviour like for DB files.

https://blogs.msdn.microsoft.com/psssql/2008/06/25/how-it-works-trace-trc-file-security/
Sue_H
Sue_H
SSC Guru
SSC Guru (74K reputation)SSC Guru (74K reputation)SSC Guru (74K reputation)SSC Guru (74K reputation)SSC Guru (74K reputation)SSC Guru (74K reputation)SSC Guru (74K reputation)SSC Guru (74K reputation)

Group: General Forum Members
Points: 74645 Visits: 15266
e4d4 - Thursday, May 3, 2018 2:05 PM
No way to set specific permission to trace files, permission for trace files are not inherited from folder, it is the same behaviour like for DB files.

https://blogs.msdn.microsoft.com/psssql/2008/06/25/how-it-works-trace-trc-file-security/


Sorry, I forgot about how it overwrites any inheritance. Thanks for the reminder on that.

Sue



jasona.work
jasona.work
SSC-Forever
SSC-Forever (44K reputation)SSC-Forever (44K reputation)SSC-Forever (44K reputation)SSC-Forever (44K reputation)SSC-Forever (44K reputation)SSC-Forever (44K reputation)SSC-Forever (44K reputation)SSC-Forever (44K reputation)

Group: General Forum Members
Points: 44298 Visits: 16677
e4d4 - Thursday, May 3, 2018 2:05 PM
No way to set specific permission to trace files, permission for trace files are not inherited from folder, it is the same behaviour like for DB files.

https://blogs.msdn.microsoft.com/psssql/2008/06/25/how-it-works-trace-trc-file-security/

Interesting, I'm wondering if it behaves the same with Audit files.

Sue_H
Sue_H
SSC Guru
SSC Guru (74K reputation)SSC Guru (74K reputation)SSC Guru (74K reputation)SSC Guru (74K reputation)SSC Guru (74K reputation)SSC Guru (74K reputation)SSC Guru (74K reputation)SSC Guru (74K reputation)

Group: General Forum Members
Points: 74645 Visits: 15266
jasona.work - Thursday, May 3, 2018 5:05 PM
e4d4 - Thursday, May 3, 2018 2:05 PM
No way to set specific permission to trace files, permission for trace files are not inherited from folder, it is the same behaviour like for DB files.

https://blogs.msdn.microsoft.com/psssql/2008/06/25/how-it-works-trace-trc-file-security/

Interesting, I'm wondering if it behaves the same with Audit files.


I was playing with it today - it looks like just the trace files as I can see the inheritance, permissions on the other file types. Interesting that extended events files have the permissions inherited from the folder.

Sue



Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum








































































































































































SQLServerCentral


Search