Eric M Russell (4/18/2013)
Dree Vasquez (4/18/2013)
Hi AllThanks so much for all the suggestions. I really appreciate it.
I asked the Global developer and they said their procedures cannot be changed. And they also said that we should not limit the rights of the Developers/App Support Team to the databases. In my office, the developer and app support are the same team and I don't think it is correct to grant everyone db_owner privileges.
Do we really give developers the rights to execute stored procedures on the Test and the Production Systems. (In my office, Change Management is required on the Test and Production Systems) and granting such privileges will mean no one needs to raise an CR in the first place.
If you're a member of sysadmin, then you can grant or deny whatever privillages you know are really required. You can even edit and recompile the stored procedures too. Don't let some 3rd party tell you how to manage your database.
As a counter to that you should remember that the code whether stored procedures or otherwise should have been tested and signed off before being put LIVE. This testing may and change control may be governed by statutary requirements and so altering it without a full retest may have legal implications. As such you should not be changing the stored procs but instead requiring the developers to do so.
On the other hand it is reasonable to require the developers to produce the code such that it will work correctly on a server with much more restrictive permissions.
As a developer I would expect very liberal rights on the develpment server - definitely DBO and probably SysAdmin. I would expect TEST to be more restricted - no SYSADMIN, maybe DBO but probably only DBREADER, DBWriter and appropriate EXECUTE permissions and minimal rights on the LIVE box.