January 3, 2019 at 6:14 am
Using SQL Server 2012, 2014 and 2016. I'm aware of GRANT CONNECT ANY DATABASE TO login as a new feature in SQL Server 2014. I wasn't able to get it to work on SQL Server in any case! Here is the requirement... we have a tool outside of SQL Server using [NT AUTHORITY\SYSTEM] to make connections to user databases. By default, from SQL Server 2012, [NT AUTHORITY\SYSTEM] is not a member of syadmin so the connections fail. We can't change the way the tool connects to use a different account or whatever so we're stuck with it. We should also not make it a syadmin.
As I test, I mapped the [NT AUTHORITY\SYSTEM] login to one user database without any explicit db level perms - so connect only. The error log entries and alerts for that database disappeared. So, at worst, I could map [NT AUTHORITY\SYSTEM] to all user databases, connect only, on all servers but it's not a very nice solution - thousands of databases. So, the question is, without making [NT AUTHORITY\SYSTEM] a sysadmin and without mapping the login to every single user database, is there a neat way to grant permissions at the server level to [NT AUTHORITY\SYSTEM] so that it can connect to any database (preferably just user databases)?
Thanks in advance
January 3, 2019 at 7:55 pm
I know this isn't the helpful answer that you're looking for but I'd start looking for a different tool to use. The one you have is way too demanding.
--Jeff Moden
Change is inevitable... Change for the better is not.
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply